Access Control List, or ACL.
The access right is the ability to see certain system objects and carry out authorized actions with them. In the first place, the access rights are applied to the macro objects of the system such as accounts (resources), units, users, unit groups, and retranslators.
The access rights are established primarily by the service manager in the CMS Manager interface. However, some features can be available to the end user. Any users of the system, including managers and end users of any level, can be rights holders.
When you create a user, you can grant them access rights on the Access tab. You can also establish the rights on the same tab in the properties dialogues of the system objects.
Types of rights
The set of standard rights that can be applied to any type of macro object includes:
- View item and its basic properties
- View detailed item properties
- Manage access to this item
- Delete item
- Rename item
- View custom fields
- Manage custom fields
- View admin fields
- Manage admin fields
- Edit not mentioned properties
- Change icon
- Query messages or reports
- Edit ACL propagated items
- Manage item log
- View and download files
- Upload and delete files
Find more about standard rights here.
Besides, for each object type, there are special rights, that is, a proper list of allowed and forbidden actions that are individual for this particular type of object. For instance, the unit ACL includes a special right to create, edit and delete service intervals, the user ACL contains the right to act as a given user, the resource ACL has the right to create, edit, and delete geofences, and so on. See more information about special rights for each type of object on the following pages:
On the Access tab of every object, the rights are divided into two sections. The left section displays standard rights, and it is the same for any type of object. The right section contains special rights, and its contents depend on the type of the object to which the access is set.
Hierarchy
When assigning rights, it is important to maintain the hierarchy.
- The user-creator has full rights to the created object. Only the user of the higher level can limit these rights.
- It is impossible to give a user more rights to an object than the creator of this user has to the same object.
- A user who has transfer rights can transfer the rights to other users. However, the user can not transfer more rights than they have themselves.