Authorization Levels

Authorization Levels

After upgrade from Pantheon of version 1000200 or later to version of 1000210 or earlier, all permissions of Pantheon users that were in older versions members groups are DEFINED. After upgrade, user should be removed from group and his permissions must be removed/undefined and then put user back in group in order inheritance from group is possible.

The authorization tree is similar in structure to PANTHEON's main menu. It is used to restrict access to individual functions or function groups, either program-wide, for user groups or for individual users.

Authorizations are cascaded down in the authorization tree. For example, if you grant read access to the Settings node, all nodes below it (Subjects, Assets, etc.) will inherit it. Of course, the authorization level of those lower-level nodes can be changed.

Available authorization levels: none (no access) read write delete (highest, full access)

All Pantheon users with permissions are displayed. Inactive users are displayed in red color.

Also see sorting permissions and users.

	Pantheon user with zero defined parmissions is not displayed and can be added by keystroke combination of CTRL+Insert. Removing permissions to a user can be done with CTRL+DELETE keystroke combination. By removing/deleting user permissions you can remove premissions for all users and groups. In this case you lock yourself out of the Program. You can no longer login to Pantheon. See Apply button.
	Also see Adding undefined permissions on user level.
	Right-mouse click on authorization menu:

Multiple records can be selected by combination of:

• CTRL+Mouse click
• SHIFT+button up/down or mouse click
• CTRL+A (select al)

When a single permission is changed, it is changed for all selected users.

Also for document types:

The following parameters can be set for each node in the authorizations tree:

Defined	Entity permission is defined or has no permissions.
Acquired	Marked (checked) when permissions are inherited from the usergroup when user is assigned (add) to the usergroup. Not marked (unchecked) permissions; that are set at the user level.
Full	Setting full or none permissions. If there are existing child entities that are not explicitly set, will also take effect.
Inherited	Permissions that are inherited from a parent entity.
Read	Read-only; such features can be only viewed.
Write	Write - data can be viewed, entered and changed.
Delete	Delete - full access; data can be viewed, entered, changed and deleted.
None	None - no access; such features are hidden.
Update period	Back for X days - used for authorizations for single documents; this parameter specifies for how many days in the past the user can change or delete documents. Examples: 0 = the current day, 1 = the current day and the day before, 30 = thirty days back, -1 = unlimited; documents can always be changed or deleted. See also Time Limit for Changing Documents.

When setting permissions for specific user or group, there is no option for selecting user, groups or user/groups. When setting permissions for all users, then also user, group and user/group selection is possible. When removing only groups, also users are removed that are members of groups and have permissions of the group.

For setting permissions, see also right click menu options.

	Authorizations without proper user identification are useless. If using authorizations, make sure users log on with their individual user names and passwords. It is also recommended to set a minimum password length to minimize unwanted intrusions.
	In some cases, (e.g. Items register authorizations ), only two authorization levels are available: None and Delete. Select and Update are not used, but if they are nonetheless selected, they count as Delete.