Scenarios
This section describes various scenarios that illustrate the consequences of using different authorization configurations.
In Authorization, you have configured, the following:
Situation 1: A user has the rights to modify the Space field, but is not authorized to view the Property field.
Situation 2: A user has rights to modify the Space field, and only authorized to view the Property field and not change it.
If the user modifies the Space field, the following will happen:
For situation 1: Planon will skip the Property field and not change it. Planon will not give an error message. When the user tries to save, an error message may be displayed.
For situation 2: Planon will change the Property field, even though the user is not authorized to change this field manually.
In Authorization, you have configured that a user is not authorized to view work orders:
Consider the following situation:
A standard request with standard suborders has been defined. If the user that is not authorized to view work orders wants to apply this standard request, the following happens: all the fields that are part of the request are filled, but the suborders are not created (even if the user indicated that he wanted to create the suborders).
In Authorization, you have configured that a user is not authorized to view some work orders fields:
Consider the following situation:
The user wants to apply a standard work order or standard request. What will happen? Planon tries to populate fields that cannot be populated because the user is not authorized to view them. In that case, Planon populates all fields for which the user is authorized and skips the ones the user is not authorized to view. Planon will not give an error message. Note: If a user has read-only rights to a field, Planon is still authorized to populate it.
In Authorization, you have configured the following:
Situation 1: a user has read-only access to the Department field of the Person business object.
Situation 2: a user has no access to the Department field of the Person business object.
If the user selects a person in department "FM" and chooses the Copy action, the following will happen:
For situation 1: the Department field of the new object (person) will be populated with the value "FM", even though the user is not authorized to change the value of this field manually.
For situation 2: the Department field of the new object (person) will be left empty (but the user does not see this field!).
Combining user groups
In the following section, some examples are given of the prevailing authorization if users belong to more than one user group.
• If the Read action is available in User Group 1 but not available in User Group 2, the Read action will be available for a user who is in both user groups.
• If the Property field of the work order business object is not available in User Group 1 but modifiable in User Group 2, it will be modifiable for a user who belongs to both user groups.
• Suppose User Group 1 has no filter on the Read action for Property (=users from this group are able to view all properties) and User Group 2 has a filter on the Read action that allows viewing properties in Amsterdam only. A user who belongs to both user groups will be able to view all properties.
• Suppose User Group 1 has a filter that allows reading properties in London only and User Group 2 has a filter on the Read action that allows viewing properties in Amsterdam only. A user who belongs to both user groups will be able to view the properties in both Amsterdam and London.
• Suppose User Group 1 has no filter on the Read action for Property (=users from this group can view all properties) and a filter on the Save action that allows modifying properties in London only. User Group 2 has a filter that allows viewing properties in the Netherlands and modifying properties in Amsterdam only. A user belonging to both user groups will be able to view all properties and can modify properties in Amsterdam and London.
• Suppose User Group 1 has a filter that allows viewing properties in the Netherlands and modifying properties in Amsterdam only. User Group 2 has a filter that allows viewing properties in Amsterdam and modifying properties in Amsterdam only. A user belonging to both user groups will be able to view properties in both Amsterdam and in the rest of the Netherlands and modify properties in Amsterdam only.