You are reading the documentation for an outdated Corteza release. 2024.9 is the latest stable Corteza release.

Permissions

The permissions interface can be accessed by clicking on the "Permissions" navigation item on the left navigation drawer under the system item group.

The interface allows you to define permissions for core system resources, such as accessing the the administration panel, creating users and so on.

To define fine grained access control for specific resources, such as modules and pages, see …​

The interface is devised to the following sections:

System service

The section allows you to control overall access and usage of admin panel (see System service permissions),

Organisations

The section allows you to control organization related access (see Organizations),

Applications

The section allows you to control application related access (see Applications),

Users

The section allows you to control user related access (see Users),

Roles

The section allows you to control role related access (see Roles).

System service permissions

Allow access to administration

Determines if the role is allowed to access the administration panel (the web application being defined here),

Grant permission on system service

Determines if the role is allowed to grant permissions on system service,

Access all settings

Determines if the role is allowed to access any setting defined under the system,

Manage all settings

Determines if the role is allowed to manage and edit any setting defined under the system,

Create new organization

Determines if the role is allowed to create a new organization,

Create new role

Determines if the role is allowed to create a new role,

Create new user

Determines if the role is allowed to create a new user,

Create new application

Determines if the role is allowed to create a new application,

Allow reminder assignment

Determines if the role is allowed to assign reminders to other users.

When denying access to system settings, this also prevents their usage from inside automation scripts or any other operation that might read these settings.

Organizations

Access to all organizations

Determines if the role is allowed to access any organization.

Applications

Access any application

Determines if the role is allowed to access any application,

Update any application

Determines if the role is allowed to update any application,

Delete any application

Determines if the role is allowed to delete any application.

Users

Read any user

Determines if the role is allowed to access any user,

Update any user

Determines if the role is allowed to update any user,

Delete any user

Determines if the role is allowed to delete any user,

Suspend any user

Determines if the role is allowed to suspend any user,

Unsuspend any user

Determines if the role is allowed to unsuspend any user,

Show email details

Determines if the role is allowed to see the email address of any user,

Show name details

Determines if the role is allowed to see the name of any user.

The ability to show/hide email address/name can be useful when defining a community instance and we wish to keep some privacy.

Roles

Read any role

Determines if the role is allowed to see any role,

Update any role

Determines if the role is allowed to update any role,

Delete any role

Determines if the role is allowed to delete any role,

Manage members for any role

Determines if the role is allowed to add/remove members from any role.