Webasyst offers a built-in mechanism for managing access rights for users of Webasyst-based apps and their individual functions (backend screens). Apps utilizing this mechanism allow you to flexibly set up access rights for individual users and user groups.
Setting up access rights for user groups may be convenient if your account is supposed to be accesssed by a large number of users with identical or similar responsibilities (e.g., specialists processing orders in an online store and working in shifts). In this case it is sufficient to set up access rights only for one group and to include desired users into that group; all access rights set up for the group will also be applied to its members.
Group rights setup
To set up users' and user groups' access rights, use the "Users" link in Contacts app backend.
Once you have added a group, use the “Customize access” link to define which kind of access shoulld be granted to the members of this particular group:
- Administrator: unlimited access to all apps.
- Limited access: option to select individual apps with different access rights for each app.
- No access: may be used to temporarily disable access to the backend for all members of the group (provided that they do not have personal rights set up).
If the “Limited access” variant is selected then you receive an opportunity to select access level for each app displayed in the list: “Administrator”, “Limited access”, or “No access”.
“Limited access” option may not be available for some apps.
If you select “Limited access” for an app then you can choose which individual functions of that app will be made accessible for the group members.
A user can be included in any number of available groups. For such a user, the widest access rights are applied among those set up for all his groups. For example, if there are two groups (“Group 1” and “Group 2”) with administrator (for “Group 1”) and limited (for “Group 2”) access rights set up for the Mailer app, then a user included in both of those groups will be assigned administrator access rights to Mailer because administrator access level is higher than the limited one.
Setting up personal access rights for group members
If you need to assign a higher access level to some of the group members then you can either set up them in each user’s properties or include such users in an additional group with extended access rights.
Adding a user in further groups or setting up personal access level for him can only extend user’s access rights and will never limit them.
If you need to limit access rights for some members of a user group, you may either exclude them from that group, or limit the group’s common access rights and then extend them individually (or include them in an extra group) for all remaining group members except for those whose access level should remain limited.
Setting up personal access rights without including in groups
A user does not necessarily need to be included in a group. If not included, a user is granted only his personal access rights.
If you need to raise the access level for such a user, you may either edit his personal access rights or include him in one or more groups with a higher access level.