(08-26-2020, 01:44 PM)remkonoteboom Wrote: A high level description of managing security can be found here:

http://community.southpawtech.com/docs/setup/manage-security/

This shows what the "access levels" mean.  These are high level access levels that provide the minimum level for a certain user without having to write specific rules for each item.  It also shows the interfaces for managing and customizing per group various access levels for search_types, sidebar links, etc.

Under the hood:

By default, a user can basically do and see nothing unless they are part of a group which contains access rules.  These rules allow access to various parts of the system including querying.  If you look at the login_group table in the sthpw database, you will see an access rules column with xml data that looks something like:

<rules>
  <rule group="builtin" default="deny"/>
  <rule group="builtin" key="view_side_bar" access="allow"/>
  <rule group="builtin" key="view_save_my_view" access="allow"/>
  <rule group="builtin" key="retire_delete" access="allow"/>
  <rule group="builtin" key="edit" access="allow"/>
  <rule group="gear_menu" submenu="Edit" label="Delete Selected Items" project="spin_master_demo" access="allow"/>                                                   
  <rule group="gear_menu" submenu="File" label="Export All ..." project="spin_master_demo" access="allow"/>                                                         
</rules> 

All security interfaces in the link above edit this xml document and the security engine makes use of these rules.  A user can be part of multiple groups and the total rules will be union of all the specified rules in all the groups.

For those programming in Python, you can create your own rules, but that is a blog topic for another day.

(08-26-2020, 01:44 PM)remkonoteboom Wrote: A high level description of managing security can be found here:

http://community.southpawtech.com/docs/setup/manage-security/

This shows what the "access levels" mean.  These are high level access levels that provide the minimum level for a certain user without having to write specific rules for each item.  It also shows the interfaces for managing and customizing per group various access levels for search_types, sidebar links, etc.

Under the hood:

By default, a user can basically do and see nothing unless they are part of a group which contains access rules.  These rules allow access to various parts of the system including querying.  If you look at the login_group table in the sthpw database, you will see an access rules column with xml data that looks something like:

<rules>
  <rule group="builtin" default="deny"/>
  <rule group="builtin" key="view_side_bar" access="allow"/>
  <rule group="builtin" key="view_save_my_view" access="allow"/>
  <rule group="builtin" key="retire_delete" access="allow"/>
  <rule group="builtin" key="edit" access="allow"/>
  <rule group="gear_menu" submenu="Edit" label="Delete Selected Items" project="spin_master_demo" access="allow"/>                                                   
  <rule group="gear_menu" submenu="File" label="Export All ..." project="spin_master_demo" access="allow"/>                                                         
</rules> 

All security interfaces in the link above edit this xml document and the security engine makes use of these rules.  A user can be part of multiple groups and the total rules will be union of all the specified rules in all the groups.

For those programming in Python, you can create your own rules, but that is a blog topic for another day.



Hello Tacticers,

I have a permission again now.

As I am going to manage the projects, I need a admin group now.

But even I change the Access Level to high and give all the permission of Access Rules.

The new admin group users still cannot do some thing like create new project or view the ADMIN VIEWS in the side bar. Even I can see the create button but on permission to create it.

Could you help me to gain the permission to a new group users, let the users have the same permission as default admin account?

Thank you very much.

Here are the settings imgs of the new group.