User Access Control

User attributes refer to the properties or settings associated with a user account that control various aspects of how that user interacts with the system. These attributes can define user access, interface preferences, and the roles or permissions granted to the user.

Users

The access rights for individual users are set when the user is added to the database, but they can be adjusted at any point in the user’s profile.

Groups

Groups are app-specific sets of permissions that are used to manage common access rights for a large number of users. Administrators can modify the existing groups in ERP, or create new ones to define rules for models within an application.

Access Rights

Access rights are permissions that determine the content and applications users can access and edit. These permissions can be set for individual users or for groups of users. Limiting permissions to only those who need them ensures that users do not modify or delete anything they should not have access to. Only an administrator can change access rights.

ACLs (access control lists) do not check individual records. They simply allow or deny an operation on the model globally. If an ACL denies an operation (e.g., no write access), NO record rule can override that.

ACL denial is final.

Record Rules

Record rules define the conditions under which a user can read, write, create, or delete records in a specific model.

Record rules are evaluated after ACLs and filter the records an operation applies to. Record rules can only restrict, not increase privileges beyond ACLs.

ACL determines IF you can perform an action; Record Rules determine ON WHICH RECORDS you can perform it. ACL denial overrides everything.
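
The two-stage check described above, modelled as an added Python example (it is not the ERP's own code or API). The group names, the `sales_order` model, the sample records, and the choice to require every applicable rule to match are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class ACL:                      # hypothetical: model-level grant for one group
    group: str
    model: str
    ops: frozenset

@dataclass(frozen=True)
class RecordRule:               # hypothetical: per-record filter for one group
    group: str
    model: str
    ops: frozenset
    domain: Callable[[dict, dict], bool]   # (user, record) -> keep record?

def acl_allows(user, model, op, acls):
    """Stage 1: global yes/no for the model; no record is inspected."""
    return any(a.model == model and a.group in user["groups"] and op in a.ops
               for a in acls)

def accessible(user, model, op, records, acls, rules):
    """Return the records on which `user` may perform `op`."""
    if not acl_allows(user, model, op, acls):
        return []               # ACL denial is final; rules are never consulted
    active = [r for r in rules
              if r.model == model and r.group in user["groups"] and op in r.ops]
    # Stage 2: rules only narrow the set (assumption: all active rules must match).
    return [rec for rec in records if all(r.domain(user, rec) for r in active)]

# Constructed sample data.
ACLS = [
    ACL("sales_user", "sales_order", frozenset({"read", "write"})),
    ACL("sales_viewer", "sales_order", frozenset({"read"})),
]
RULES = [
    # Sales users only touch their own orders.
    RecordRule("sales_user", "sales_order", frozenset({"read", "write"}),
               lambda u, r: r["owner"] == u["id"]),
    # A permissive write rule for viewers: it cannot grant what the ACL denies.
    RecordRule("sales_viewer", "sales_order", frozenset({"write"}),
               lambda u, r: True),
]
ORDERS = [{"id": 10, "owner": 1}, {"id": 11, "owner": 2}, {"id": 12, "owner": 1}]
ALICE = {"id": 1, "groups": {"sales_user"}}
BOB = {"id": 2, "groups": {"sales_viewer"}}

def ids(user, op):
    return [r["id"] for r in accessible(user, "sales_order", op, ORDERS, ACLS, RULES)]
```

Bob's always-true write rule matches every record, yet his write result is empty because his group has no write ACL.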