Fine-grained access control is crucial for enterprise systems. SERAM has a sophisticated access control system in place.
Permissions are combinations of a user or group (subject), a role and an entity. Permissions can be inherited from parent entities. FOr instance, if you have a BU with two sites S1 and S2 underneath, and you grand a inheritable permission to a user on the BU, then he will have this permission on the sites as well.
In SERAM, the following types of entities can directly be used in permissions:
- Indicator Tag (will apply to all indicators with this tag)
- Structure Type
- Structure Node (hierarchical)
The inheritance allows for simple, intuitive but very concise permission control.
Indicator values are related to both a structure and an indicator. Therefore, what a user can effectively do in regards of indicator values (e.g. enter values, change status, etc.) is determined by the intersection of both the structure and indicator permissions.
- Security and Access Control