Items in the 'User' and 'User profile' container have tables to set permissions for the users of your 1202 system.
There are three different permission tables: for system sections, containers and views. When setting permissions for each of these, there are up to three options:
- Read: can be interpreted as 'read-only'. A user cannot edit, delete or manipulate anything from this section, container or view.
- Write: allows creating, editing and deleting items for containers or making changes to data within a system section.
- Control: gives 'super user' privileges, including deleting containers, views and altering system-wide resources.
Note: 'Control' permission should be granted with the greatest reserve. Imprudent use can result in permanent loss of data and can compromise system coherence.
Permissions are incremental. This means permission to 'write' is implicitly a permission to 'read', and 'control' implicitly gives 'read' and 'write' permissions.
The logic behind this is that you cannot edit items if you can't view them in the first place, and denying the ability to edit items (with 'write' permission) makes no sense when you are able to remove fields or entire containers ('control').
Info: Permissions take effect immediately. When you change permissions for a user that is logged in, that user will notice these changes while using the system.
The permission for the system section has some particular effects:
- Read: users can only view settings, trash, daemon status and saved imports.
- Write: allows recovering or deleting trash only from containers for which users have at least 'write' permission. Importing is allowed, but also with the requirement of at least 'write' permission for the affected container(s). Settings cannot be changed, nor is creating new containers possible.
- Control: recovering and deleting for all trash items, even if users have no permission for the particular container. Importing without the requirement of additional container permissions. Users can change system settings and create new containers.
When your 1202 system has a lot of users, you can benefit from 'user profiles'. This is especially true if permissions change often over time.
With user profiles, you can compose either a complete set of permissions or merely a blueprint and apply it to one or more users. When a user has a user profile linked to it, the permissions set by the profile are visible within the user item. They are indicated by pinstriped backgrounds.
If the same permission is set in both the user item and the user profile item, the highest 'ranking' permission applies. For instance, if 'write' is set in het user item and 'control' is set in the user profile item, the user is granted 'control' permission.
Any changes made to user profile permissions are applied the same way as changes to user permissions. They will take effect immediately.
Info: You can only link one user profile per user. It is encouraged to use a wide variety of user profiles to suit needs, because user profiles can easily be named, copied and deleted.