User permissions / Permissions matrix

Introduction

The permission management view is accessed from the main menu Users -> Privilege matrix.

Permissions in applications are divided into sections, described in detail below. 
Many permissions are interrelated, which means that several of them need to be activated in order to achieve the desired permission. The application does not activate the related permissions on its own, e.g. you want to grant the right to create new users, you have to activate the remaining permissions necessary to use this right (described in the permission), the application does not automatically activate all permissions related to this right. After editing the privilege, users are obliged to log out and log in again so that changes in the privilege are visible in their account.
When creating a new privilege we must remember about the uniqueness of the privilege's name (the system will not create a second role with the same name). Each new role must have at least one active permission.

Users

Access to all users - Authorization allows access to all users in the application, when the authorization is deactivated the user will only have access to the users of his subordinates. The permission is related to Reports.
Can display an authorization matrix - The user has access to the authorization matrix and sees the list of available permissions. The user cannot enter the permission edition and check what settings the permission has, he cannot change the permissions. Permission related to View Users - which must be active, together with its connections, in order to use this permission.
Can edit the permission matrix - the user can edit the permission (or create new permissions) and check what settings the permission has, can make changes to the permissions. NOTE, this option requires that the privilege is also enabled: It can display the permission matrix - because without this permission, the user will not display the permission matrix. The privilege associated with Display Users - which must be active, along with its connections, in order to use this privilege.
User Display - allows the user to display the User List view. NOTE. The privilege gives access to the User List view, but the privilege is strongly related to access to Clients. In order for a user to see users in this view, the privilege must be assigned the role of Visibility of all clients or associate the user with a selected Client, in such a case the user will see users associated only with this Client in the View of User Lists.
Creating Users - allows the User to create New Users. This permission causes the button called New Users to be added to the list of users view, and after clicking it opens the window for adding new users. Note - the permission has strong relations with the Client object. When a user does not have permission to any of the Clients, adding New Users will not be possible even though this permission has been activated. Note 2 - to create new users a user must have active permission: He can display authorization levels to be able to select an authorization level for a new user and He can display user groups to associate a user with groups.
Edit Users - allows the User to edit the existing Users, in the view of the list of users, there is an edition icon visible, which allows to enter the Edit User and make modifications. Attention - the authorization has strong relations with the Client object. The User can edit a new user only if he has active permission Visibility of all clients or I have added client(s) in his user profile where he wants to edit the user. If a user does not have permission to any of the clients, editing of users will not be possible even though this permission has been activated. Related permissions: Can display permissions, Can display user groups.
Delete Users - allows the user to "delete" Users, i.e. soft delete, causes the user to be hidden from visibility in the system, not to be physically deleted, which is impossible because the user is linked with relations with many objects, including the results of tasks performed in locations.
Can export users - The permission causes the Import/Export button to be visible in the users list view, which allows exporting users. Note: This permission is associated with the Display Users permission, which allows to enter the User List view, without this permission active the user cannot use the Export Users permission.
Can import users - Permission allows to display Import/Export button in User List view, which allows to import users. Note: This permission is associated with the Display Users permission, which allows to enter the User Lists view, without this permission active the user cannot use the import users permission.
User Groups Display - allows the user to display user groups. NOTE - in contrast to the User List view, this privilege is not related to the Client object, it means that the users managing the groups see all groups in the system, all Clients.
Creating User Groups - allows the user to create user groups. The permission causes a button called New Group to be added to the list of user groups in the list of user groups view, after clicking it, the window for adding new users opens. Note - the permission has strong relations with the Client object. A user can create a group of users only if he has active Visibility of all clients or if he has added client(s) to his user profile. When a user does not have permission to any of the Clients, adding a User Group will not be possible even if this permission is activated.
Edit User Groups - allows a user to edit user groups. Attention - the privilege has strong relations with the Client object. A user can edit a group of users only if he has active Visibility of all clients or I have added client(s) in his user profile. If a user does not have permission to any of the Clients, editing of the User Group will not be possible even if this permission is activated.
Deleting User Groups - allows a user to delete user groups.
Can import user groups - This permission makes the Import button visible, which allows you to import user groups.
May display activity history - This permission allows to enter/exit activity history tab in user profile.
Can display task history - Permission allows you to enter/exit task history tab in user profile
Can display point history - This permission allows you to enter/display the point history tab in your profile
Can edit user points - This permission allows you to edit the balance of points in the user profile. Without this permission the field is read-only.
Can display authorization levels - Permission causes visibility in profile: Permission level. When the role is not active, it is not possible to suspect what privilege level the user has. Without this permission, it is not possible to create a new user, because the selection of the Level of Rights is an obligatory field.

Client

Visibility of all clients - A permission associated with user view permissions, giving access to views of all clients in the application. More detailed information on user permissions.
Can display clients - The permission gives the ability to enter/visit the Clients section in the left main application menu.
Can create clients - The permission allows to create a new client in the Clients section
Can edit clients - The permission allows you to edit an existing client in the Clients section
May remove clients - The Power allows you to remove a client in the Clients section
Can export customers - The permission causes the Import/Export button to be visible, which allows all customers to export
Can import customers - The permission causes the Import/Export button to be visible, which allows you to import customers into the application

Locations

Access to all locations in the application - The permission allows you to access all locations in the application. The privilege has replaced the privilege (narrowing locations), when the privilege is active it gives access to all locations, when the privilege is not active the user will only have access to the locations specified in his user profile. Note that if the user does not have any locations indicated in his profile, he will not see any tasks in the Task View. A user with a limited task view is built using a Cache, which is responsible for the parameter: EnableTaskCacheSyncJob, which must be active in the general settings of the application.
It can display the Location Manager - Permission allows you to enter/visit the Locations section in the left main application menu. This permission allows you to see all location groups in the application, create new location groups and edit existing ones.
Display locations and groups of locations - Permission allows you to display a list of locations in a given location group.
Create Locations - This permission allows you to create new locations within location groups.
Can edit locations - This permission allows you to edit locations within location groups.
Delete Locations - This permission allows you to delete locations within a group of locations and delete location groups (and move to editing a group of locations).
Can export locations within a group of locations - The permission allows you to export locations within a group of locations
Can import locations - The permission causes the Import button to be visible, which allows you to import locations into applications within a group of locations.

Tasks

Access to all tasks in the application - This permission allows you to access all tasks in the application (settings of location groups in tasks). The permission has replaced the permission (narrowing projects), when the permission is active it gives access to all tasks (location group settings in tasks) when the permission is not active the user will only have access to the tasks (location group settings in tasks) specified in his user profile. Note that if the user does not have any tasks (location group settings in tasks) in his profile, he will not see any tasks in View All Tasks.
It can display all tasks - This permission allows you to enter/visit All Tasks section available in the left main application menu or from My Tasks view. Note the permission associated with Access to all tasks in the application, Access to all locations and Visibility of all clients that define what range of tasks will be visible in this view.
Can create all tasks - The permission makes the New Task button visible, which allows you to create a new task. Note, the permission is associated with permissions: Access to all users, Can display location manager, Visibility of all clients - Without this permission active, user will not be able to create task.
Can edit all tasks - Permission causes visibility of the transition icon to edit task, which allows to edit task parameters. Note, the permission is related to the permissions: Can display list of projects, Can display Kanban with projects, Can display location manager, Visibility of all clients - without these permissions active in role, user will not be able to edit the task.
Can delete all tasks - Permission causes visibility of task deletion icon, which allows to edit task parameters. Note.
It can display its tasks - Permission allows you to enter/visibility of My Tasks section available in the left main application menu.
It can export all tasks - Permission allows to display Export button, which allows to export data from All Tasks view.
It can import user relations in tasks - Permission allows you to import user relations to tasks.
Displaying the Generator - Permission causes visibility of the Task Generator button, which allows to go to editing and creating the task process.

Projects

Can display a list of projects - This permission allows you to enter/display the Projects section in the left main application menu. Note The permission associated with list permission can create all tasks and can edit all tasks, without this permission active user will not be able to create/edit new tasks.
Can display project array - Permission allows you to display the projects array - This permission makes the transition icon to the projects view in tab form visible - an alternative view to the projects list.
Can display Kanban with projects - Permission causes the "Process" icon to be visible, allowing you to switch to the projects view as a Kanban table.
Creating Projects - Permission causes visibility of the "New Project" icon which allows the User to create new Projects.
Editing Projects - This permission causes visibility of the "New Project" icon which allows the User to edit Projects.
Deleting Projects - This permission allows the User to delete Projects.

Verification of task responses

Displaying tasks in verification with the status "Accepted - Authorization" makes the Task Verification icon visible in the view of the list of all tasks, which allows the User to display tasks in verification with the status "Accepted". Note, activating any of the permissions for displaying tasks causes an icon to appear in the view, the default view for the task response verification view is the view with the status "Accepted" and "For verification", it means that when activating only permissions with the status "Rejected" and/or "Rejected and returned" you should select a task with this status in the view filter to see the results. The privilege associated with the privilege: Access to all locations in the application (displaying tasks only from specific locations or all)
Displaying the tasks in verification with the status "To Verify - To Verify" Authorization makes the Task Verification icon visible in the view of the list of all tasks, which allows the User to display the tasks in verification with the status "To Verify". Note, activating any of the permissions for displaying tasks causes an icon to appear in the view, the default view for the task response verification view is the view with the status "Accepted" and "For Verification", it means that when activating only permissions with the status "Rejected" and/or "Rejected and returned" you should select a task with this status in the view filter to see the results. The privilege associated with the privilege: Access all locations in the application (displaying tasks only from specific locations or all).
Displaying tasks in verification with the status - Rejected - The permission causes the visibility of the Task Verification icon in the list of all tasks, which allows the User to display tasks in verification with the status "Rejected". Note, activating any of the permissions for displaying tasks causes an icon to appear in the view, the default view for the task response verification view is the view with the status "Accepted" and "For verification", it means that when activating only permissions with the status "Rejected" and/or "Rejected and returned" you should select a task with this status in the view filter to see the results. The privilege associated with the privilege: Access all locations in the application (displaying tasks only from specific locations or all).
Displaying tasks in verification with status - Rejected and returned - The permission allows the User to display tasks in verification with the status "Rejected and returned". Note, activating any of the permissions for displaying tasks causes an icon to appear in the view, the default view for the task response verification view is the view with the status "Accepted" and "For verification", it means that when activating only permissions with the status "Rejected" and/or "Rejected and returned" you should select a task with this status in the view filter to see the results. The privilege associated with the privilege: Access all locations in the application (displaying tasks only from specific locations or all).
Verification of all tasks in the application - Active permission that makes all results of answers given in the task visible. If this permission is inactive, user X in the task verification view will only see the answers given to other users Y, who were indicated as his subordinates (in their profiles they have a supervisor set to user X) and their executions. If user X does not have subordinates and his tasks' executions, his task verification view will be empty.
Acceptance of tasks in verification - The permission causes the Acceptance and Rejection buttons to be visible in the view of viewing the answers given for the whole task and individual answers.
Can export tasks to be verified - This permission allows to display the Export button in the list of tasks to be verified and to export data from this view.
It can export photos of sentences for verification - This permission allows to display Export photos in task verification view (photo gallery) and export photos according to filter.

Reports

Can display reports - The permission allows you to see the Report icon in the left main menu and go to the section with single and recurring reports.
Can edit reports - This permission allows you to create reports and edit cyclic reports. This permission is related to permissions: Access to all tasks in application, Access to all locations in application, Visibility of all clients, Access to all users.

Admin Tools

Can display administrative tools - makes advanced tools visible to system administrators. Function available from version 1.53 onwards
Can display application settings - makes the application settings icon visible in the left main menu, which allows you to enter the General application settings view.
Can edit application settings - makes it possible to edit global application settings
Can approve mobile applications - makes the Apps Appearances section visible in the General Application Settings. In this view are published requests sent by users, in which the application has found the presence of applications that are pretending to be located. In this view, it is possible to add to the white list applications that the user may have on his device despite the potential impact of the location simulation. Function available from version 1.52 onwards
It can display application translations - makes the Translations section visible in the General Settings of the application and the translation overview. Function available from version 1.52 onwards
Can edit application translations - causes the ability to edit translations for the web panel into English, German, Russian, French. This function is available from version 1.52 onwards.

Other

It can add a Google account for integration with the calendar - the authorization causes a button to be visible in the application settings to authorize the whole application in the googl calendar. The authorized account will be used as an account to invite users (generating an invitation) in the googl calendar for tasks that generate meetings.

Deleting authorizations

The created authorization can be edited with the exception of the name. To do so, go to the Permission Matrix (main menu Users -> Permission Matrix) and select the pencil icon.
It is also possible to delete an authorization. Note, however, that this is irreversible. Next to each created permission, there is a red trash icon on the right. When you click on it, the application will ask you whether you really want to delete the permission. Users with the permission that was removed will get the basic MobileUser role. 
Important ! The application cannot remove two basic roles: MobileUser and TakeTaskAdministrator
Additional privileges  MAGIC LINK  to the tab access to the account:
  • Can display Magic link (CanDisplayMagicLink) - in the Users section.
  • The permission causes the Magic Link settings tab to be visible in the profile. 
  • No permission results in no visibility of the view.
Article rating / Czy to odpowiedziało na Twoje pytanie? Article rating success / Dziękujemy za wiadomość There was a problem submitting your feedback. Please try again later.

Still Need Help? / Dalej potrzebna pomoc? Contact Us / Kontakt z nami Contact Us / Kontakt z nami

Related articles / Powiązane artykuły