Authorization Levels
Authorization Levels
 |
After upgrade from Pantheon of version 1000200 or later to version of 1000210 or earlier, all permissions of Pantheon users that were in older versions members groups are DEFINED. After upgrade, user should be removed from group and his permissions must be removed/undefined and then put user back in group in order inheritance from group is possible. |
The authorization tree is similar in structure to PANTHEON's main menu. It is used to restrict access to individual functions or function groups, either program-wide, for user groups or for individual users.
Authorizations are cascaded down in the authorization tree. For example, if you grant read access to the Settings node, all nodes below it (Subjects, Assets, etc.) will inherit it. Of course, the authorization level of those lower-level nodes can be changed.
 |
Available authorization levels:
- none (no access)
- read
- write
- delete (highest, full access)
|
All Pantheon users with permissions are displayed. Inactive users are displayed in red color.

Multiple records can be selected by combination of:
- CTRL+Mouse click
- SHIFT+button up/down or mouse click
- CTRL+A (select al)
When a single permission is changed, it is changed for all selected users.

Also for document types:

The following parameters can be set for each node in the authorizations tree:
Defined |
Entity permission is defined or has no permissions. |
Acquired
|
Marked (checked) when permissions are inherited from the usergroup when user is assigned (add) to the usergroup. Not marked (unchecked) permissions; that are set at the user level.
|
Full |
Setting full or none permissions. If there are existing child entities that are not explicitly set, will also take effect. |
Inherited |
Permissions that are inherited from a parent entity. |
Read  |
Read-only; such features can be only viewed. |
Write  |
Write - data can be viewed, entered and changed. |
Delete  |
Delete - full access; data can be viewed, entered, changed and deleted. |
None  |
None - no access; such features are hidden. |
Update period
|
Back for X days - used for authorizations for single documents; this parameter specifies for how many days in the past the user can change or delete documents. Examples:
- 0 = the current day,
- 1 = the current day and the day before,
- 30 = thirty days back,
- -1 = unlimited; documents can always be changed or deleted.
See also Time Limit for Changing Documents.
|
When setting permissions for specific user or group, there is no option for selecting user, groups or user/groups. When setting permissions for all users, then also user, group and user/group selection is possible. When removing only groups, also users are removed that are members of groups and have permissions of the group.
For setting permissions, see also right click menu options.
 |
Authorizations without proper user identification are useless. If using authorizations, make sure users log on with their individual user names and passwords. It is also recommended to set a minimum password length to minimize unwanted intrusions. |
 |
In some cases, (e.g. Items register authorizations ), only two authorization levels are available: None and Delete. Select and Update are not used, but if they are nonetheless selected, they count as Delete. |