Permission Model

Permission Model is a part of the Platform Administration Panel and is available only to the Admin role. To get access to Permission Model, contact your organization’s manager to provide you with the corresponding role.

What is Permission Model?

Permission Model is a Section in the Platform Administration Panel of DC Platform that allows adding rules, granting roles and adding new roles for the Users of the Platform.

The Platform consists of three main Sections: Unit, Roles and Rules (see Fig. 1). The tab for the Unit Section is located in the upper left side of the dashboard, right under the Top Toolbar.

Figure 1: Homepage for Permission Model

Right under the Unit Section tab is the Hierarchy list of the Units available in the Platform Administration Panel, as well as a search field for searching through the list of Units.

The following steps should be taken to find the relevant Unit in the Hierarchy list to set up or manage permissions for the Platform Users:

  1. Log in to the Platform Administration Panel,

  2. Find the Permissions tab,

  3. Find the Unit tab on the upper left panel, 

  4. Click the Unit tab,

  5. Find the relevant Unit in the Unit Hierarchy list. (see Fig. 4)

Units can also be found with the search field, which allows Search by Hierarchy. The User enters a search word in the search field and the system returns all the relevant matches in the Hierarchy. Hovering over a found Unit shows its full path in a tooltip. This feature is especially important when searching for Units with the same or similar names: the tooltip shows the full path and makes it easier for the User to navigate (see Fig. 2).

Figure 2: Permission Model - Navigation with search field

Finally, when the Unit is found and selected, the platform generates the full list of all Users having any role in the selected Unit. The roles of the Users are separated into two groups: Unit Granted Roles and Inherited Granted Roles (see Fig. 3).

Figure 3: Permission Model - Navigation to the full list of Users having roles in the Unit

The User has an option to delete or edit the list (see Fig. 4).

Figure 4: Permission Model - Editing or Deleting of Users having roles in the Unit

After the Edit icon is clicked, a pop-up window appears. Here all the available roles of the User are visible, and the Admin User can add another role to the selected User or delete the existing roles. Note that the window shows only the roles the User has in the selected Unit. If a role is deleted and the User does not have any other role visible, the User is deleted only from the selected Unit. The User still has access to the platform if he/she has any other role in other Units.

The following steps should be taken to manage the list of the Users having roles in the selected Unit: 

  1. Find the relevant Unit in the Unit Hierarchy list, 

  2. System generates the full list of the Users having any role in the selected Unit,

  3. Find the relevant User in the Unit,

  4. Click the Edit icon for the relevant User,

  5. Add a role to the User or delete one of the User's roles (see Fig. 5).

Figure 5: Permission Model - Editing of User Roles in the Unit

However, note that all the roles should be created in advance by the platform administrator in the Roles Unit of the Platform. Afterwards, the created role will appear in the drop-down list in all the Units of the Platform.

 

The User has an option to Grant Role (see Fig. 6). Granting a role adds new roles to the existing list of user roles. It will not delete or override current roles.

Figure 6: Permission Model - Grant Role option in the Unit

Navigation in the Roles Section

Roles is the second section available in the Permission Model of the Platform Administration Panel. The tab for the Roles Section is located in the upper left side of the dashboard, right under the Top Toolbar.

Figure 7: Homepage for Permission Model - Roles Section

When the Roles Unit is found and selected, the platform generates the full list of roles available in the selected Unit. The roles of the Users are separated into two groups: Unit Roles and Inherited Roles.

The User has an option to Add a new role, and to Edit and Delete existing roles.

The following steps should be taken to Add a Role in the selected Unit:

  1. Find the relevant Unit in the Unit Hierarchy list, 

  2. System generates the full list of Roles available in the selected Unit,

  3. Click the Add Role button,

  4. Enter the Role Name that should be created,

  5. Click the Apply button.

  6. The newly created role will appear in the list of the roles available in the dashboard of the Unit (see Fig. 8). 

Figure 8: Homepage for Permission Model - Adding a Role in the Role List

In the Add Role window, the User can see the full path of the Unit, where the Role is added.

The Add Role window has a Propagate on Child Units checkbox and an Add Resource button.

By checking the Propagate on Child Units checkbox, the User chooses to transfer the Role to the Child Units available under the selected Unit as well. This means that the granted role will provide access to the selected unit and all its child units.

By clicking the Add Resource button, the User has an option to select the Resource where the Role will be located and the Access Type the User with the Role will have in the selected Resource (see Fig. 9).

Figure 9: Homepage for Permission Model - Add Resource

Five Access Type options are available to be selected for any Resource:

  1. None - the User does not have an option to see the Unit. The User will not have access to units and will not see units in the structure.

  2. Restricted - (technical access type, must not be used for business purposes) one step higher access type compared to None. The User will not have access to units, but will see units in the structure.

  3. Read - one step higher access type compared to Restricted. The User can read the content of the Unit and edit cards.

  4. Write - one step higher access type compared to Read. The User can add any content in the Unit.

  5. Manage - this is the highest access type. The User can read, add, delete or edit any content in the Unit.

Note that if the User has two different access types in the same Unit, the higher Access Type takes precedence. For instance, if a User has Restricted Access to a Unit and None access to any child unit available in the selected Unit, the User will still be able to see the content of the Unit.
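The precedence rule above combined with Propagate on Child Units, as an added example for reviewing effective access (not the platform's own code). It assumes each role carries one access type, that "higher wins" also applies between direct and inherited grants, and it ignores role_allowOverride, whose behaviour this page does not describe; all unit, role and user names are constructed.

```python
from enum import IntEnum

class Access(IntEnum):  # ordered lowest to highest, as the page lists them
    NONE, RESTRICTED, READ, WRITE, MANAGE = range(5)

# Constructed sample data (hypothetical units, roles and users).
PARENT = {"HQ": None, "Finance": "HQ", "Payroll": "Finance", "IT": "HQ"}
ROLES = {  # role -> (access type, Propagate on Child Units)
    "finance-manager": (Access.MANAGE, True),
    "hq-viewer": (Access.READ, False),
    "payroll-blocked": (Access.NONE, False),
    "structure-only": (Access.RESTRICTED, True),
}
GRANTS = [  # (user, unit, role)
    ("alice", "Finance", "finance-manager"),
    ("alice", "Payroll", "payroll-blocked"),
    ("bob", "HQ", "hq-viewer"),
    ("bob", "HQ", "structure-only"),
]

def ancestors(unit):
    """Yield the parents of `unit`, nearest first."""
    unit = PARENT[unit]
    while unit is not None:
        yield unit
        unit = PARENT[unit]

def effective_access(user, unit):
    """Return (access, source): the highest access type among direct grants
    on `unit` and propagating grants on its ancestors (assumed semantics)."""
    best, source = Access.NONE, "no grant"
    chain = [unit, *ancestors(unit)]
    for grantee, granted_on, role in GRANTS:
        if grantee != user or granted_on not in chain:
            continue
        access, propagates = ROLES[role]
        inherited = granted_on != unit
        if inherited and not propagates:
            continue  # role stays on the unit where it was granted
        if access > best:
            where = f"inherited from {granted_on}" if inherited else "direct"
            best, source = access, f"{role} ({where})"
    return best, source

def audit(user):
    """Effective access of `user` on every unit, for least-privilege review."""
    return {unit: effective_access(user, unit) for unit in PARENT}
```

Under these assumptions, a None grant on a child unit does not reduce access a propagating parent role already gives, which is the case worth checking when reviewing Inherited Granted Roles.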

Navigation in the Rules Section

Rules is the third section available in the Permission Model of the Platform Administration Panel. It allows users to create simple rules that automatically assign roles to all users who have certain characteristics, such as the user’s activity, assignment or attributes.

Rules are an option for auto-gradation: an option for creating one general rule for the selected Unit and/or its child units. The tab for the Rules Section is located in the upper left side of the dashboard, right under the Top Toolbar (see Fig. 10).

Figure 10: Homepage for Permission Model - Rules Section

When the Rules Unit is found and selected, the platform generates the full list of all rules available in the selected Unit. The rules are separated into two groups: Unit Rules and Inherited Rules.

The User also has an option to Add Rule.

The following steps should be taken to Add a Rule in the selected Unit:

  1. Find the relevant Unit in the Unit Hierarchy list, 

  2. System generates the full list of Rules available in the selected Unit,

  3. Click the Add Rule button,

  4. Enter the Rule Name that should be created,

  5. Select the Role on which the Rule should operate in the selected Unit from the drop-down list,

  6. Select the Type of the Rule from the drop-down list,

  7. Select the User Assignment,

  8. Check the "Is Hierarchical Rule" checkbox in case the Rule should also operate on Child Units,

  9. Click the Apply button.

  10. The newly created rule will appear in the list of the rules available in the dashboard of the Unit (see Fig. 11). 

Figure 11: Homepage for Permission Model - Adding a Rule for the selected Unit

 

Three Types of Rules are currently available: 

  1. Assignment - Assignment-based access regulations are applied.

  2. User Attribute - Assignment based on the Attribute of Users having a certain value, which is created upon creation of the Rule. For instance, users who came from Azure Active Directory will have the 'userGroups' attribute with a 'name' value. A deep understanding of the system is needed to use this rule type.

  3. User Activity - Any active user who has access to the platform automatically falls under the User Activity Type and is granted a Role as Employee with Access Type Read for all the Units. This is the default regulation if you want to give a role to all your employees.

 

The list of the Rules of the Unit can also be managed with the functional icons available on the dashboard. The User can select to Enable/Disable, Apply, Edit or Delete the Rule.

Functional descriptions for the icons: 

  1. Enable/Disable - The Rule is enabled/disabled for the Unit and/or Child Units,

  2. Apply - The Rule is applied within the Unit and/or Child Units. The function makes sure that the new rule applies to all the Users with relevant assignments. Otherwise, the rule will operate only for new Users.

  3. Edit - The User can edit any option within the Rule,

  4. Delete - The Rule is no longer applicable for the selected Unit and/or Child Units. Deleting the rule will remove all roles granted by this rule.

Download data

In Permission Model, right opposite the Unit Section tab and Roles Section tab, there is a 'Download' button (see Fig. 11 and Fig. 12). The Admin can download data as a CSV file from the Unit Section tab and the Roles Section tab by clicking the 'Download' button.

The CSV file contains a flat table with data from the tab, such as:

  1. For Unit Section tab: unit_id, unit_type, unit_name, user_id, user_id, user_email, user_name, direct_roles.

  2. For Roles Section tab: role_id, role_name, role_description, unitId, role_allowOverride, role_propagateOnChildUnits, role_permissions, default.

Figure 12: Homepage for Permission Model, Download button - Unit Section

Figure 13: Homepage for Permission Model, Download button - Roles Section
