How to manage user permissions within naus products.
We have a range of products available within our naus platform. Each of these require individual access to be given to each user in order for them to open the tile from the platform.
Note: Product security permissions are set inside the individual product, naus only gives access to the product's tile.
naus Application Roles
Before a user can access a product and subsequently be provided permissions within an product, they need to be given a specific role. For Facility Management and all future products the only roles available are User and Product Admin.
User Role
The User role is applied to any application user that requires access to perform any function within the application, except for user permission management which is the responsibility of the Product Admin Role.
Users with this role will see the products tile appear on the naus platform main page. They will then be able to access the product any and any permissions applied to them will define what they see within the applications.
Product Admin Role
The sole purpose of the Product Admin role is to manage the security within the product. A user with this role will be presented with a section in the product called Admin where the product security is managed.
Assigning roles to users
Only a naus account administrator can assign product roles to users. They are able to assign the roles when editing a users account in the naus platform. See this article for details of
Product Permissions and Groups
Each product in the naus platform will have its own set of permissions for accessing features within in the product. These permissions are applied to a user, that requires access to the features, by registering a user for a group that has the permissions defined for it.
A group is a set of permissions that are relevant for users that are required to access the product in a specific way. e.g If the user can only run reports then they would need a group called Reporting Only. This group would then be given access to any reports available in the product.
Groups
Creating a group is only available to naus accounts with the applications Product Admin Role. When a user with this role accesses a product they should select the Admin -> Groups menu item to see a list of groups currently setup for a product.
From this form the user can create new groups and manage existing one.
Create a Group
To create a group click on the Create Group button. This will present the new group form which should be populated with a name and description. Any permissions required for the group should also be applied.
Press Save once the details have been entered.
Editing a Group
To edit a group select the action button then press Edit. This will present the group edit form when details can be changed.
Delete a Group
If a group needs to be deleted then pressing the Delete button available in the actions list will remove it.
If there are still members of the group then the system will present a warning message indicating that the process can not be undone and the users of this group will be moved to the Default group.
Users
Any naus platform users that have granted the products user role in the naus account administration are, will appear in the Users list displayed when selecting the Users menu item under the Admin menu.
Changing a Users Group
A user can only be a member of one group. When a user is first added to the product from the naus account admin area, they will be added to the default group and be granted any permission assigned to it. To change a user to another group, use the edit button available for the user listed. This will then present the option to change the users group.
Clicking on the Change Group button will present a form with a drop down list of all groups available. Select the group to apply to the user and then press save.
Once saved the user will be granted the permissions and if they are logged on they should see that change with in a short period of time. (The do not need to log in again to see the new permissions). If they have a permission revoked then they will also see that removed within a short period of time.
Inactive Users
If a user is removed from the tenancy they will still appear in the users list but will be indicted as removed. If the user is granted access against then the previous security permissions will be applied.
Note: It is possible to change the group for an inactive user.