Admin/PermissionManagement

Permissions Management

Cumulus Permissions are controlled using the following functionality:

• Account Features. These are controlled by Emersion at the core of our system. They grant access to certain functionality and cannot be modified by the user.
• Modules (Permission Groups). These control access to pages, or parts of a page within Cumulus (for instance, a particular tab).
• Base Powers. These control access to certain functionality within a page or tab.
• Account Groups: These control access to which Organisational Units have access a collection of accounts.

In reality, the distinction between Modules and Base Powers is more complex than what is stated here, but these descriptions are a simple way defining and thinking these controls.

How Configurable User Permission Interact

The following Diagram gives you an idea as to how the user configurable permissions of Modules, Base Powers and Account Groups interact.

Example of a Particular Interaction of Permissions

• In this example, we can see that the the Retail Service Provider has granted access to cumulus for their store dealers, who sign up customers and sell mobile phones.
• Two roles have been created. One role has been granted Modules and Base Powers, and this Role Assigned to the Org Unit, so that the dealer can carry out their normal day to day functions.
• In addition, they have created another special role which will permit a dealer to order products, as they wish to restrict this to some dealers and not others, this role was also assigned to the Org Unit.
• An Account Group has been setup to group accounts by their geographic location, this particular account group is for Glen Waverley. Users assigned to the Glen Waverley Org Unit can only see Accounts in the Glen Waverley account group (Remember, an Org Unit can only be assigned to one Account Group at this time). When a user in the Glen Waverley Org Unit creates an account, because of the link between the org unit and the account group, the account is automatically put in the Glen Waverley Account Group (note: accounts can be moved in and out of account groups for those with sufficient access to specific parts of the system).

Current List of Modules/Permission Groups and what they permit access to

• The following zip file list the available Permission Groups for use, and what each permission group will grant access to.
• Remember that if one permission does not grant access to something, another does grant access and you assign both to a role, "ALLOW" access will always trump "DENY".
• You may encounter a situation where you need two permission groups, and one permission group inappropriately grants access to a module, but you still need it because of it's other functionality. If this is the case consult with Emersion.

• File:Permission Groups Module Controller Action.zip

Current Base Power permissions and what they grant access to

• The following file lists all of the available powers and what they permit access to.

• File:Current Powers List.zip

Module and Base Power access management

For a demonstration on how to setup module permissions in roles, and powers in roles, then associate those roles with organisational units (which directly translates to staff) see the below;

The media player is loading...