Skip to main content
Mitratech Success Center

Client Support Center

Need help? Click a product group below to select your application and get access to knowledge articles, webinars, training content, and release notes or to contact our support team.

Authorized users - log in to create a ticket, view tickets status and check your success plan details.

 

Set Permissions: Users, Groups and Roles

  1. Last updated
  2. Save as PDF
  1. User Quentin has all his Permissions left at the default (not set). This enables him to inherit all his permissions from the Groups and Roles to which he belongs.
  2. Quentin is added as a member of the Group Slough. The Slough Group’s Permissions are left at the default except Manage Custom Field Types is set to Allow.
  3. A Role named User is created and all the Permissions are left at the default (not set) except Manage Custom Field Types is set to Deny.
  4. A second Group is created called UK. Group Slough Office is added as a member of the Group UK. The Group UK’s Permissions are left at the default (not set) settings except Manage Storage and Manage Auditing are set to Allow. (Notice that when Manage Storage is set to Allow, View Storage is automatically set to Allow.)
  5. A new Role named Super User is created. The Group UK is a member of the Role Super User. The Permissions are all left at the default (not set) settings except Manage Storage and View Storage are set to Deny and Manage Auditing is set to Allow.

This can be represented as:
Screen Shot 2017-08-02 at 1.27.01 PM.png

Applying the rules:

  1. Check for Explicit Allow/Deny for User (Quentin). None set.
  2. Check for Explicit User Role Deny. No User Roles.
  3. Check for Explicit User Role Allow. No User Roles.
  4. Check for Explicit Group (Slough Office) Deny None set.
  5. Check for Explicit Group (Slough Office) Allow Manage Custom Fields Types.
  6. Check for Explicit Group (Slough Office) Role (User) Deny. Manage Custom Field Types: ignore because Slough Office setting takes precedence.
  7. Check for Explicit Group (Slough Office) Role (User) Allow. None set.
  8. Steps 4 to 7 are repeated for Parents of the Parent groups (until there are no more Parent groups) and if no explicit permissions (i.e. directly selected and set permissions – not inherited permissions) are found, then Deny:

Check for Explicit Group (UK) Deny. None are set to Deny, therefore none set to Deny. Next, check for Explicit Group (UK) Allow. Manage Storage set to Allow.
Then. check for Explicit Group (UK) Role (Super User) Deny. Manage Storage: ignore because UK setting takes precedence. However, View Storage is set to Deny.
Finally, check For Explicit Group (UK) Role (Super User) Allow. Manage Auditing is set to Allow.

Which leaves Quentin with the following Permissions.

  • Manage Custom Field Types: Yes (Inherited: Group Slough)
  • Manage Auditing: Yes (Inherited: Group UK)
  • Manage Storage: Yes (Inherited: Group UK)
  • View Storage: Yes (Inherited: Group UK)

The remaining Permission are all No (not set).

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.