Security

In One ERP, security is based on privileges granted on entities, each tied to a part of the organisation (the scope of the grant). Privileges can only be granted to roles; users are then mapped to one or more roles.

The available privileges are:

  1. entity_get - the privilege to read an entity (also applied for FETCH queries that include the entity)

  2. entity_insert - the privilege to create an entity

  3. entity_update - the privilege to update an entity

  4. entity_delete - the privilege to delete an entity

The available scopes:

  1. All - the privilege is for all entities throughout the system

  2. Organization - the privilege applies only for the entities within the organization of the user

  3. BusinessUnit - the privilege applies only for the entities within the business unit of the user

  4. Owner - the privilege applies only for the entities owned by the user

  5. None - restricts the user from the privilege (this is the default value)

Note for entities in Parent-Child relationships

Child entities inherit the privileges from the Parent, except when used in a FETCH query in which case an entity_get privilege is required.

Examples

You want to create a role named "Workers" for which all users belonging to it will have the privilege to read all the tasks in their business unit and the privilege to create, update and delete only the tasks owned by the user. Here is how to configure it:

| Entity | Privilege | Scope | Description |
|---|---|---|---|
| task | entity_get | BusinessUnit | Can read all tasks in each user's business unit. |
| task | entity_insert | Owner | Can only create tasks owned by the respective user. |
| task | entity_update | Owner | Can only update tasks owned by the respective user. |
| task | entity_delete | Owner | Can only delete tasks owned by the respective user. |

If you wish to create a supervisor role with reading and deleting privileges for all entities and the possibility to assign entities to other users within its department, the security is configured as follows:

| Entity | Privilege | Scope | Description |
|---|---|---|---|
| task | entity_get | BusinessUnit | Can read all entities in their department. |
| task | entity_delete | BusinessUnit | Can delete all entities in their department. |
| task | entity_update | BusinessUnit | Can update and/or assign to other users all entities in their department. |
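
As an added illustration (not One ERP code), the sketch below evaluates the two role configurations above against a single request. The names `User`, `Record`, `ROLE_GRANTS`, `effective_scope` and `is_allowed` are hypothetical. It assumes that scopes nest from Owner up to All, that the broadest scope wins when a user has several roles, and that a business unit belongs to one organization; parent-child inheritance is not modelled.

```python
from dataclasses import dataclass

# Scopes from narrowest to broadest. Assumption: each scope contains the previous one.
SCOPES = ["None", "Owner", "BusinessUnit", "Organization", "All"]

# Role -> {(entity, privilege): scope}, copied from the two tables above.
ROLE_GRANTS = {
    "Workers": {
        ("task", "entity_get"): "BusinessUnit",
        ("task", "entity_insert"): "Owner",
        ("task", "entity_update"): "Owner",
        ("task", "entity_delete"): "Owner",
    },
    "Supervisor": {
        ("task", "entity_get"): "BusinessUnit",
        ("task", "entity_delete"): "BusinessUnit",
        ("task", "entity_update"): "BusinessUnit",
    },
}

@dataclass(frozen=True)
class User:
    name: str
    organization: str
    business_unit: str
    roles: tuple = ()

@dataclass(frozen=True)
class Record:
    entity: str
    owner: str
    organization: str
    business_unit: str

def effective_scope(user, entity, privilege):
    """Broadest scope any of the user's roles grants (assumed merge rule); default is None."""
    granted = [ROLE_GRANTS.get(r, {}).get((entity, privilege), "None") for r in user.roles]
    return max(granted, key=SCOPES.index, default="None")

def is_allowed(user, privilege, rec):
    """Decide one request by comparing the record's placement with the user's, per scope."""
    scope = effective_scope(user, rec.entity, privilege)
    same_org = rec.organization == user.organization
    return {
        "All": True,
        "Organization": same_org,
        "BusinessUnit": same_org and rec.business_unit == user.business_unit,
        "Owner": rec.owner == user.name,
    }.get(scope, False)  # "None" (no grant) always denies
```

For `entity_insert`, pass the record as it would exist after creation, so the Owner check compares the intended owner with the requesting user.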