Skip to main content
Mitratech Success Center

Set Permissions: Users, Groups and Roles

  1. User Quentin has all his Permissions left at the default (not set). This enables him to inherit all his permissions from the Groups and Roles to which he belongs.
  2. Quentin is added as a member of the Group Slough. The Slough Group’s Permissions are left at the default except Manage Custom Field Types is set to Allow.
  3. A Role named User is created and all the Permissions are left at the default (not set) except Manage Custom Field Types is set to Deny.
  4. A second Group is created called UK. Group Slough Office is added as a member of the Group UK. The Group UK’s Permissions are left at the default (not set) settings except Manage Storage and Manage Auditing are set to Allow. (Notice that when Manage Storage is set to Allow, View Storage is automatically set to Allow.)
  5. A new Role named Super User is created. The Group UK is a member of the Role Super User. The Permissions are all left at the default (not set) settings except Manage Storage and View Storage are set to Deny and Manage Auditing is set to Allow.

This can be represented as:

Applying the rules:

  1. Check for Explicit Allow/Deny for User (Quentin). None set.
  2. Check for Explicit User Role Deny. No User Roles.
  3. Check for Explicit User Role Allow. No User Roles.
  4. Check for Explicit Group (Slough Office) Deny None set.
  5. Check for Explicit Group (Slough Office) Allow Manage Custom Fields Types.
  6. Check for Explicit Group (Slough Office) Role (User) Deny. Manage Custom Field Types: ignore because Slough Office setting takes precedence.
  7. Check for Explicit Group (Slough Office) Role (User) Allow. None set.
  8. Steps 4 to 7 are repeated for Parents of the Parent groups (until there are no more Parent groups) and if no explicit permissions (i.e. directly selected and set permissions – not inherited permissions) are found, then Deny:

Check for Explicit Group (UK) Deny. None are set to Deny, therefore none set to Deny. Next, check for Explicit Group (UK) Allow. Manage Storage set to Allow.
Then. check for Explicit Group (UK) Role (Super User) Deny. Manage Storage: ignore because UK setting takes precedence. However, View Storage is set to Deny.
Finally, check For Explicit Group (UK) Role (Super User) Allow. Manage Auditing is set to Allow.

Which leaves Quentin with the following Permissions.

  • Manage Custom Field Types: Yes (Inherited: Group Slough)
  • Manage Auditing: Yes (Inherited: Group UK)
  • Manage Storage: Yes (Inherited: Group UK)
  • View Storage: Yes (Inherited: Group UK)

The remaining Permission are all No (not set).

  • Was this article helpful?