Fine-grained access control is crucial for enterprise systems. SERAM has a sophisticated access control system in place.

Permissions are combinations of a user or group (subject), a role and an entity. Permissions can be inherited from parent entities. FOr instance, if you have a BU with two sites S1 and S2 underneath, and you grand a inheritable permission to a user on the BU, then he will have this permission on the sites as well.

In SERAM, the following types of entities can directly be used in permissions:

• Global/Tenant
  • Indicator Tag (will apply to all indicators with this tag)
  • Structure Type
    • Structure Node (hierarchical)

The inheritance allows for simple, intuitive but very concise permission control.

Indicator values are related to both a structure and an indicator. Therefore, what a user can effectively do in regards of indicator values (e.g. enter values, change status, etc.) is determined by the intersection of both the structure and indicator permissions.