iProtect™ Horizontal access rights

This manual represents the knowledge at the above-mentioned time. TKH Security works non-stop to improve its products. For the most recent technical information, please contact your consultant or dealer.

1. Introduction

This document explains how to implement horizontal access rights.

2. Support and license

Below is an overview of support for both the hardware and the software, including the necessary license:

Version       License                   Function
>= 10.3.15    iProtect basic license    Authorization user group

3. How does it work

For example, horizontal rights can be used to separate departments and the associated rights. The system administrator of section A may not view the data and/or hardware of section B.

The example below shows a schematic overview of how horizontal access rights can be implemented. System user A may only see the data of department A, system user B may see the data of departments A and B, and system user C may only view the data of department B.

 

The authorization user group layer was added in iProtect version 10.03.15. In older versions, the record access rights are linked directly to the system user.

4. Implementation

This chapter explains how the setup can be made in iProtect.

4.1 Record access rights

A record access right is the link between the authorization group and the authorization user group.

4.1.1 Setup Record access rights

In iProtect browse to menu: Installation | Authorization | Record access rights.

  • Right-click in the treeview dialogue and click Add record access rights.

Enter the following data:

  • Name: logical name for the record access rights.

  • Click “save”

4.2 Authorization group

An authorization group indicates, for a record, which system users are allowed to see and operate on that record. The authorization group therefore expresses how "secret" the record is.

A record is displayed to a system user only when at least one record access right in the system user's authorization user group is identical to a record access right in the record's authorization group.

When an authorization group is not assigned to a record, the record is visible to any system user.

4.2.1 Setup authorization group

In iProtect browse to menu: Installation | Authorization | Authorization group.

  • Right-click in the treeview dialogue and click Add Authorization group.

Enter the following data:

  • Name: logical name for the authorization group.

  • Open the authorization group with the plus sign. You can then select one or more records via the Record Access Rights list.

4.3 Authorization user group

The authorization user group is the record that is linked to the system user. The group contains one or more record access rights that have a link to one or more authorization groups.

This layer was added in iProtect version 10.03.15. In older versions, the record access rights are linked directly to the system user. In that case, the records can be linked to the system user one by one.

The record access right list can be found when the system user is opened with the plus sign.

4.3.1 Setup authorization user group

In iProtect browse to menu: Installation | Authorization | Authorization user group.

  • Right-click in the treeview dialogue and click Add Authorization user group.

Enter the following data:

  • Name: logical name for the authorization user group.

  • Open the authorization user group with the plus sign. You can then select the authorization user group sub groups; this is where the list with the record access rights is found.

5. Implementation order

When implementing horizontal access rights on an existing system, we recommend using the following order. It prevents records from becoming invisible or uncontrollable during the implementation for system users who still need to be able to see or control them.

  1. Create the record access right records.

  2. Create the authorization groups.

  3. Link the record access right records to the desired authorization groups.

  4. Create the authorization user groups.

  5. Link the record access right records to the desired authorization user groups.

  6. Link the desired authorization user group to the system users.

  7. Link the authorization groups to the records in the system that should become invisible to certain system users.
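
The visibility rule from section 4.2 and the ordering advice from section 5 can be checked on paper before changing a live system. The sketch below is an added example, not iProtect code or an iProtect API: it models only the rule as stated in this manual, and every record, group and user name in it is constructed for illustration.

```python
# Constructed sample data; all names are hypothetical, not from a real system.
# authorization group -> record access rights it contains
AUTH_GROUPS = {"AG-Dept-A": {"RAR-A"}, "AG-Dept-B": {"RAR-B"}}
# authorization user group -> record access rights it contains
USER_GROUPS = {"AUG-A": {"RAR-A"}, "AUG-AB": {"RAR-A", "RAR-B"}, "AUG-B": {"RAR-B"}}
# system user -> authorization user group (None = not linked yet)
USERS = {"user_a": "AUG-A", "user_b": "AUG-AB", "user_c": "AUG-B"}
# record -> authorization group (None = no authorization group assigned)
RECORDS = {"reader-A1": "AG-Dept-A", "reader-B1": "AG-Dept-B", "lobby-door": None}


def user_rights(user, users=USERS):
    """Record access rights a system user holds via the authorization user group."""
    return USER_GROUPS.get(users.get(user), set())


def is_visible(user, record, users=USERS, records=RECORDS):
    """Section 4.2: a record without an authorization group is visible to any
    system user; otherwise at least one record access right must be shared."""
    group = records[record]
    if group is None:
        return True
    return bool(user_rights(user, users) & AUTH_GROUPS.get(group, set()))


def visible_records(user, users=USERS, records=RECORDS):
    """Sorted list of records the given system user can see."""
    return sorted(r for r in records if is_visible(user, r, users, records))


def audit(users=USERS, records=RECORDS):
    """Two conditions to review after a rollout: records everybody can see
    (no authorization group) and records no system user can see (lock-out)."""
    unrestricted = sorted(r for r, g in records.items() if g is None)
    orphaned = sorted(r for r in records
                      if not any(is_visible(u, r, users, records) for u in users))
    return {"visible_to_all": unrestricted, "visible_to_none": orphaned}


if __name__ == "__main__":
    for name in USERS:
        print(name, visible_records(name))
    # Step 7 carried out before step 6: records protected, users not yet linked.
    print(audit(users={u: None for u in USERS}))
```

Running the audit with no users linked shows both protected readers under `visible_to_none`, which is the situation the recommended order avoids.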