User Roles and Permissions Overview
Permissions relate to the specific ability to perform an operation, including viewing, modifying and adding information, or which types of information a user can interact with. Examples are the ability to view a Formulation Composition or Modify a Raw Material. There are hundreds of possible variations of permissions and they can be allocated to Roles or Users.
There are different types of Permissions:
Operation permissions relate to core functions e.g. Add a Raw Material, Modify a Formulation.
Raw Material and Formulation permissions interact with Operation permissions, defining the item classes to which the operation permissions relate. For example a user could have ‘Modify a Raw Material’ permission and is allowed to modify raw materials in the Fragrance item class but not in the Regulatory item class.
Entity Properties permissions further specify what type of information is visible for a user. For example a user who can modify Fragrance raw materials may not have the permission to see raw material cost.
Event permission show which events the user is subscribed to. This is an area for future development within the software.
Project permissions show which project templates the user is allowed to interact with.
Document permissions are handled differently to the permissions above. They are controlled in the Document Type and allow you to control who can print a document and under what circumstances. For more information see the Documents Overview.
Operation permissions relate to the different tasks and operations in the application and many relate directly to menu items. They indicate which operations are allowed to be performed, for example the permission to use Modify a Raw Material. Permissions on operations interact with other permissions, e.g. Permissions on Raw Materials – here you specify which class of item the permission applies to. For example a User may have permission to Modify a Raw Material, but if they also need Permissions on Raw Material.
Raw Materials Permissions
You can allocate Raw Material permissions to a Role or User using Raw Material Permissions, for example the ability to View, Create, Update or Delete a raw material by item class. These permissions interact with Operations permissions.
You can allocate general Formulation Permissions to a Role or a User using Formulation Permissions, for example the ability to View, Create, Modify or Delete a formulation by item class. These permissions interact with Operations permissions.
In order for a User to view formulation compositions, they must have the permission ‘View a Formulation Composition’. They can view the compositions by the item classes identified in the Formulation Permissions.
Permissions to view or modify a formulation composition can be given on a case by case basis in the ‘Security’ tab of View/Modify a Formulation. A user who is a Viewer here can view the formulation and composition. A user who is a Modifier can modify the formulation and the composition.
Permissions on Entity Properties
These permissions further specify what kind of information can be seen for the Raw Materials and Formulations, for example, by removing or allocating the ability to see Cost, Properties, Composition, Customers or Suppliers. In this way a User with permission to View Raw Material class A, may be able to see the Properties but not the Cost or Suppliers.
Permissions on Events
Event permissions allow the user access to change their subscriptions to events. So, if a User has the Event Permission ‘Accepted Job’, they can choose to subscribe to this event in Update My Settings. Events will be expanded in the future.
Roles are included in the application as a way to manage permissions for Users with similar requirements. For example, there may be several Users who all need similar functionality, such as the ability to Print Documents and look up basic Raw Material and Formulation information. Rather than set the permissions to each individual User, the permissions can be given to a Role e.g. ‘Document Producer’. Specified Users can belong to this role, from which they inherit Permissions. Their permissions can be further modified individually if needed.
The Formpak system comes pre-loaded with some initial Roles to help set up new Users. These Roles are collections of Permissions on Operations. The Permissions on Raw Materials, Formulations and Entity Properties need to be set for the Role or individual Users. The system administrator can use and modify these Roles, or add new Roles. Users can belong to one or more Roles from which they inherit Permissions. In addition it is possible to allow further permissions on a per User basis.
In Formpak Enterprise Edition, Operations have a license level which relates to the license cost. These license levels can be seen in Manage a User’s Permissions on Operations and Manage a Role’s Permissions on Operations.