Skip to main content

User Rights

Robert Vestbjerg Bülow Skovborg
Updated

User rights are used to control the permissions a user has in SERTICA. In other words, they determine who may read, write, delete, etc.

Permissions are defined at the user group level (role-based access control). This means you control which rights a regular user, superuser, and administrator should have (it is also possible to create additional user groups).

Each user is linked to a user group, and through this, SERTICA knows what each individual user can access.

NOTE: If you are looking for explanations of the individual user rights, you can read about them in the other articles in this section.

A piece of advice

When introducing new users to SERTICA, it can be beneficial to apply the Principle of Least Privilege. This principle means that users should only be given the access rights necessary to carry out their specific tasks — no more, no less.

The purpose of this approach is to:

  • Reduce complexity in the system
  • Prevent information overload by removing information irrelevant to the user group
  • Support a better user experience and higher efficiency

Creating user groups and selecting permissions

User groups are created from the User Groups screen.

Permissions are then configured from the User Rights screen.

  1. The screen is opened from the setup menu in the top bar. By default, all user groups are shown as columns.
  2. If you want to limit the number of displayed user groups, you can toggle them via the “Select User Group” button. The available permissions are listed in rows. Rows are grouped based on the menu items in the main menu and sorted alphabetically.
  3. If you need to set rights for a specific screen, you can search for it on the left-hand side. When you select the item, the view on the right side automatically scrolls to bring the relevant permissions into focus.

NOTE: When a user right is changed, you must log out of SERTICA and log back in before the change takes effect.

The four standard permissions

Most screens use four standard rights: Read, Write, Change Log, and Delete.

Read

If you have read rights, you can open the screen and search for data.

If data should be searchable from another screen — e.g., when used as a reference — you also need read access.

Show in Menu

This right gives access to see an item (e.g., Jobs) in the blue menu on the left (see image below). You can access the screen through the menu.

Note: You can have read access to forms without having “Show in Menu” enabled. This is used, for example, when a user should see forms on Jobs but does not need access to the Forms screen where new templates are created.

Write

You can only edit or create new data on a screen if you have write rights.

Change Log

On all screens where data is created, you can view how the data has changed over time if you have this right.

Delete

You can only delete data if you have this right.

If the data you attempt to delete is used elsewhere in the system, it cannot be deleted until the reference is removed.
For example, if you try to delete a component that has jobs linked to it, you will see a dialog explaining that the component cannot be deleted until the jobs are also deleted.

Note: Some objects include an extended delete right — “Force Delete”. This right is intended for administrators only and should be used when there is a need to clean up data.

For example, if you have the “Force Delete” right on components, you can delete a component including subcomponents, jobs, and job history with a single delete action.

Special permissions

In addition to the four standard permissions, some screens have special rights — e.g., the ability to postpone jobs, reopen job history, adjust stock levels, and more.

Activating and deactivating permissions

The terms Activated and Deactivated are used:

  1. When a right is activated, it is in effect. This is shown by a checkmark in the box.
  2. When a right is deactivated, it is not in use. This is shown by an empty box.

It is also possible to activate/deactivate all rights for an item (e.g., Address) at once.

In the example above, rights are being set for Administrators. If you click on “Administrator”, you can choose to:

  • Activate all rights
  • Deactivate all rights

NOTE: When a user right is changed, you must log out of SERTICA and log in again for the change to take effect.

Related articles

Comments

0 comments

Article is closed for comments.