Introduction to permissions
Permissions consists of granting access to certain parts of the data and/or display the software to groups of users by using permissions profiles.
The permissions page can be accessed from the tree by the Account admin:
The page consists of a display of the different groups and rules. Each Groups or Rules can be edited by clicking on its title. A new Group or Rule can be created by clicking on the Add New Group and Add New button.
Groups were created to be able to join a set of users under certain options for the software as well as certain permission profiles. Ultimately Groups are the main control for permissions for the software.
The group options includes:
- Group Name
- Group Description
- Group Access selection (Admin / Management)
There are two different options that can be selected for a group.
- Admin access
The Admin access gives access to the ribbon bar Admin in HH Data Management. The Admin access for the software was designed to give access to a limited number of people, who are permitted access to the creation of entities, specs and/or different categories and configuration.
- Management access
The Management access gives access to the ribbon bar Management in HH Data Management as well as the Event Management worksheet under the Championship ribbon bar. The management access was created to give access to some global inventory or templates as well as the event creation.
- 1 Admin user that is in charge of database maintenance
- 2 Management users per championship to organize inventories and event creation (Lead engineer + Crew chief)
A user that does not have admin nor management access will not have the ribbon bar available in the software:
Users in Group
Selection of the users in the Group:
For example, if a user is given access to the full championship in one group and only one event in another group, he will have access to the full championship.
Permission Profile in Group
Selection of the permission profile for the Group:
Permission profiles were created to be able to combine permissions on both the data (championship, event, cars,...) and the display inside the client software (worksheets) and the API access. A Permission profile is the combination of Data Rules, Client UI Rules and API Rules.
Permission Profile Options
The permission profile options consists of:
- the profile name - used to represent the profile in the group selection
- the profile description
The data rules represent the data accessible by a certain profile.
Client UI Rules
The client UI rules represent the data visible and modifiable by a certain profile.
The API rules represent the interaction possible with the API by a certain profile.
A new rule can be added using the Add New Data Rule Button:
The different levels of rule type are:
|Project||Currently not in use|
|Championship||Full access to a specific Championship (all events / all cars)|
|Event||Full access to a specific Event (all cars from then event)|
|Car||Full access to a specific Car (all championship / all event)|
|Event/Car|| Access to a specific Event and a specific Car
When adding a data rule, you have to fill in the name and a short description, as well as the rule type:
As an example, if you want to give a group access to a specific championship only, it would look like this:
Once created, the data rule created will be displayed inside the Data Rules tab:
Multiple data rules can be created to be used by a single group. The rules are controlled by the operator AND or OR.
Use OR when you want the user to have access to all Data Rules.
Use AND when you want the user to only have access to the data that intersect all the data rules.
Client UI Rules
The worksheet rules control access to the different worksheets inside the software. The different permissions levels for the worksheets are:
|Inherit||The rule for the specific worksheet is inherited from the parent node.|
|None||The user doesn't have access to the worksheet|
||The user can view the data and use all export functions but can't modify the data|
|Read/Write||The user has full access to the data|
When a worksheet inherits the permission from the parent node, it will be in italics with the colour of the correct permission. For example, by default, all nodes are inheriting from the main node and are in Read/Write permissions:
When changing a permission of a specific node, the node will turn Bold to show that it doesn't inherit from the parent node but has it's own permissions. For example, if we decide not to give access to the Setups to a certain group we would change the Setups permission to None:
In this example, by default we gave the technician a read access. Then we overruled that by giving them full access to every worksheet linked to tyres so they could perform their job. We also removed the access to the setup worksheet.
The API rules allows for granularity in the data accessible and modifiable from the API.
For each definition, a rule can let the user Create, Read, Update and Delete. For each definition, a user can have access to all parameters or only selected one.
Example of a rule that let a user access only the 4 cambers in read only mode: