90 lines
2.9 KiB
Plaintext
90 lines
2.9 KiB
Plaintext
# Roles specifications
|
|
|
|
From case https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1809
|
|
|
|
RAVEN will replace security rights system of v7 with a role based system instead
|
|
I'm using an int flags enum which means a maximum of 32 possible roles unless I bump it up to a long but don't really want to as this number will be thrown around the api a lot
|
|
|
|
|
|
|
|
TODO: Fill this out as I code.
|
|
|
|
**DELETE RIGHTS***
|
|
If you can modify an object you can delete an object
|
|
|
|
|
|
**OWNER LIMITED ROLES**
|
|
Limited roles in some cases can create an object but can only edit or delete objects they created
|
|
|
|
## ROLES
|
|
|
|
### None
|
|
No rights, not settable, just for internal usage in code
|
|
|
|
### BizAdminLimited
|
|
Intended for a business administrator / supervisor who wants to monitor the business, kpi, reporting etc, but doesn't actually get to change anything.
|
|
Suitable for the "big boss" who isn't trusted to make actual day to day decisions but can review anything.
|
|
|
|
**RIGHTS**
|
|
- Read only access to everything (except OPS stuff)
|
|
- Full access to management reporting, KPI etc, but can't change them substantially, just sort, filter etc.
|
|
|
|
|
|
### BizAdminFull
|
|
|
|
Basically the v7 manager account stuff with full rights to everything other than OpsAdmin stuff.
|
|
|
|
**RIGHTS**
|
|
- Full access to all AyaNova objects with the sole exception of OPS related stuff
|
|
- Grants roles to other users
|
|
- Licensing
|
|
- Business related configuration settings
|
|
- Form customization
|
|
- Localized text customization
|
|
- All management and KPI stuff
|
|
- NO Operations rights at all so no setup, or troubleshooting logs or technical details
|
|
|
|
### DispatchLimited
|
|
|
|
### DispatchFull
|
|
|
|
### InventoryLimited
|
|
|
|
### InventoryFull
|
|
|
|
### Accounting
|
|
|
|
### TechFull
|
|
- consumes a license
|
|
- Can create their own workorders and schedule themselves on them but can't schedule others, that's dispatch job
|
|
- Some areas of workorder are still not availble if they are related to other roles such as accounting etc
|
|
- Not able to see part costs or % markup or any data not absolutely essential to doing their job
|
|
- Can create unit
|
|
- Can create client
|
|
|
|
|
|
### TechLimited
|
|
- CONSUMES A LICENSE
|
|
- Can make entries into existing workorders, add rows to existing areas in the workorder but can't add a new area or create a new workorder
|
|
|
|
|
|
|
|
### SubContractorLimited
|
|
Like a tech limited but more limited in some ways to be determined (mostly not seeing any private data).
|
|
Can make entries into existing workorders, add rows to existing areas in the workorder but can't add a new area or create a new workorder
|
|
|
|
### SubContractorFull
|
|
|
|
### ClientLimited
|
|
|
|
### ClientFull
|
|
|
|
### OpsAdminLimited
|
|
|
|
### OpsAdminFull
|
|
backup, troubleshoot, dashboard of throughput, db administration, all the stuff needed to keep RAVEN up and running and monitor any issues in operations of it,
|
|
nothing to do with business stuff or actual business data
|
|
|
|
|
|
|