Prioritized Access Permissions
When you set permissions for organizations, users, and roles, multiple access permissions and rights may be set for one user.
This section describes access permissions that are prioritized when any access conflict exists.
Differences in Prioritized Permissions Based on Security Models
If one user has multiple access permissions, the priority is dependent on the security model.
- If the security model is GRANT (select a target):
If actions are allowed in any of the settings, that setting takes priority. - If the security model is REVOKE (select a target to be limited):
If actions are restricted in any of the settings, that setting takes priority. If actions are restricted in one setting, user cannot perform the actions.
Here, we provide an example of access permissions for the "Contact" category in Kato's bulletin board.
Kato is a member of the General Affairs Department and the Accountant role.
Actions allowed for Kato's "Contact" category are as follows
Access Permissions | View | Read | Adding a comment |
---|---|---|---|
Organization (General Affairs Department) | |||
Role (Accountant) | |||
User (Daisuke Kato) |
Actions allowed for Kato | View | Read | Adding a comment |
---|---|---|---|
Topics in the "Contact" category |
Access Permissions | View | Read | Adding a comment |
---|---|---|---|
Organization (General Affairs Department) | |||
Role (Accountant) | |||
User (Daisuke Kato) |
Actions allowed for Kato | View | Read | Adding a comment |
---|---|---|---|
Topics in the "Contact" category |
Prioritized Permissions for Scheduler and Phone Messages
Here we describe prioritized permissions for schedulers and phone messages.
Users who have access permissions for schedulers can view, add, change, or
delete appointments of the target organization or user.
Following access permissions can be set for schedulers.
- Access permissions for the schedule of the organization
- Access permissions for schedules of users who are members of the organization or the role.
- Access permissions for the schedule of the user.
- Access permissions for reservations of facilities belonging to a facility group
- Access permissions for reservations of facilities.
Users who have access permission for phone messages can add or view phone messages of the target user.
Following access permissions can be set for phone messages.
- Access permissions for phone messages of users who are members of the organization or the role.
- Access permissions for phone messages of the user.
When you set access permissions for schedulers and phone messages, you can, for example, allow only users who belong to the secretarial department to add appointments and phone messages of the president.
When you set access permissions for schedulers and phone messages of organizations and roles, different access permissions may be set for scheduler and phone messages of one user.
If different access permissions are set, prioritized permissions are as follows.
When Organizations, Users, and Roles Have Different Permissions
If different permissions are set for organizations, users, and roles, permissions granted to users will prevail.
Here, we provide an example of Kato's access permission for Yoshida's schedule.
Yoshida belongs to the organization "Information System Department" and the role "Department Manager".
Access permissions held by Kato | View | Add | Change | Delete |
---|---|---|---|---|
Organization (Information Systems Department) | ||||
Role (Director) | ||||
User (Makoto Yoshida) |
Actions allowed for Kato | View | Add | Change | Delete |
---|---|---|---|---|
Yoshida's schedule |
When Different User Rights Are Set Only for Organizations and Roles
If a user has no access permissions, and the organization or role has different access permissions, permissions granted to the organization or the role will prevail.
Here, we provide an example of Kato's access permission for Yoshida's schedule.
Yoshida belongs to the organization "Information System Department" and the role "Department Manager".
Access Permissions are not set for Yoshida's scheduler.
Access permissions held by Kato | View | Add | Change | Delete |
---|---|---|---|---|
Organization (Information Systems Department) | ||||
Role (Director) | ||||
User (Makoto Yoshida) |
Actions allowed for Kato | View | Add | Change | Delete |
---|---|---|---|---|
Yoshida's schedule |
When Different User Rights Are Set Only for Facility Groups and Facilities
When a facility group reservation and a facility reservation have different access permissions, the permissions set to both reservations apply to the facility reservation
If access permissions are set only for a facility group reservation, the permissions for the facility group also apply to the facility reservation.
Here, we provide an example of Kato's access permissions for reservation of the conference room 1 and the conference room 2.
The conference room 1 and the conference room 2 belong to the "Conference Room" facility group.
Kato has different access permissions for reservation of the "Conference Room" facility group and the "Conference Room 1" facility.
Access permissions have not been set for reservation of the "Conference Room 2" facility.
Access permissions held by Kato | View | Add | Change | Delete |
---|---|---|---|---|
Facility Group (Conference room) | ||||
Facility 1 (Conference Room 1) | ||||
Facility 2 (Conference Room 2) |
Actions allowed for Kato | View | Add | Change | Delete |
---|---|---|---|---|
Reservation of the Conference Room 1 | ||||
Reservation of the Conference Room 2 |