Object Security
Use Object security to define access permissions for a specific user to a specific object in the tree, or to an entire subtree. The permissions can be enabled, disabled or combined. This can be set up in ALVAO Admin.
For the permissions settings in the Objects Tree to take effect, you need to enable the option Use permissions in the Object Tree in the Admin settings for Asset Management.
Available permissions:
Read |
Permissions to display an object |
Make changes |
Permissions to edit object properties and to create sub-objects |
Move |
Permissions to move objects |
Delete |
Permissions to delete objects |
Note:
Object security can be set for entire user groups too.
Relations between permissions and roles in relation to the Objects Tree:
Role |
Read |
Make changes |
Move |
Delete |
Note |
Reader |
X |
|
|
|
|
Software license manager |
X |
|
|
|
Same permissions as Readers |
Accountant |
X |
|
|
|
Same permissions as Readers |
IT device manager |
X |
X |
X |
X |
|
Software and hardware detections manager |
X |
X |
X |
X |
Same permissions as IT device manager |
Asset system administrator |
|
|
|
|
Permissions cannot be restricted |
Note:
Blank fields means that there is a role-based restriction. If you create a rule with certain permissions, this will then have no influence on the Objects Tree of the specific user.
Warning:
If permissions are enabled in the Objects Tree, the following applies:
- Default rule – anything that is not permitted explicitly is forbidden by default.
- Restricting rules for an object have priority over enabling rules (except for implicit ones); this is also the case for inheriting sub-objects.
- Reading permissions are evaluated starting at the tree root, which means that an object cannot be displayed if the specific user has insufficient permissions to read all of its parent objects too.
- The order of the rules in the table has no influence on their evaluation. All rules with the above-mentioned restrictions are always evaluated.
Take utmost care to set permissions correctly.
Scenario: How to set permissions for administrator of mobile phones in the East Division
We want Mark Smith to become an administrator of mobile phones in the "Sales Department". We need to equip him with permissions to edit mobile phones, SIM cards and to move them from the warehouse to users (and back).
- Let us have a company tree:
- Go to Admin and make sure that the permissions are enabled for the Objects Tree: go to Manage – Asset Management – Settings..., click on the General tab and enable the Use permissions in the Object Tree option.
- Assign the Reader and Asset Manager roles to Mark Smith: edit the user, go the Asset roles tab and select the corresponding roles.
- Switch to the Object security tab and set the permissions based on the following table:
- If Mark Smith now logs in to the AM Console, the Objects tree should look like this:
- Mark can see objects registered under the Sales Department only.
- He can move mobile phones and SIM cards among users and to the warehouse.
- He can edit mobile phones and SIM cards; he can also edit their property values.
- He can create new mobile phones and SIM cards under objects of the type User and in the warehouse.
Did not find what you were looking for? Ask our technical support team.
|