Permission management is a key part of best practices in inventory management and contributes to the smooth running and efficiency of your asset management project. In the following article, you will discover how Hector can help you ensure optimal permission management.
Legend
Available with Shield, Armor, and Castle plans
Available with Armor and Castle plans
Available with Castle plan
📝 Basic concepts
There are four main concepts that you will need to understand to properly setup permissions in Hector.
- Roles
- Departments
- Groups
- Users
Roles
A role contains permissions. Permissions give access to actions like viewing, creating, editing and deleting records. Some entities (like assets or loaners) have more actions available to them, like moving, reserving, printing, emailing and others. Each individual action is called a permission in the application. A permission within a role is broad and applies to all records in the application.
To recap …
- Roles contain multiple permissions.
- Roles and permissions cannot be used with individual records.
- A role can have multiple users.
- A user can only have one role.
Departments
Departments are used to further identify a user within their organization. They can be used to specify permissions against records. This means you can use departments to lock down access to specific assets, stockrooms, customers, vendors, places, users, or contacts. Users can only belong to a single department.
💡 Departments can be synchronized from external systems such as Active Directory or created directly in the application.
To recap …
- Departments can be used to restrict access to a record.
- Departments can be synchronized.
- A department can have multiple users.
- A user can belong to only one department.
Groups
Groups are used to add more options when segmenting users in the organization. They can be used to restrict access to records. This means you can use groups to lock down access to specific assets, stockrooms, customers, vendors, places, users, or contacts. Users can belong to more than one group.
💡 Groups can be synchronized from external systems such as Active Directory or created directly in the application.
To recap …
- Groups can be used to restrict access to a record.
- Groups can be synchronized externally.
- A group can have multiple users.
- A user can belong to multiple groups.
Users
Users can access the application and perform transactions like creating, editing, moving or deleting records. A user’s access is restricted by their permissions which they obtain through their role, as well as their department and groups.
To recap …
- A user can login to the application.
- A user inherits their broad permissions through their role.
- A user inherits record level permissions through their department and groups.
⚙️ How it works
Hierarchy principle
By default, permissions for a category will apply to its subcategories and their assets. However, it is possible to break this inheritance in order to configure more specific permissions per entity. Here is what is important to remember about this :
- When specific permissions are applied to a subcategory, they will override the permissions of its category.
- When you apply specific permissions to an asset, they will override the permissions of its subcategory and category.
Configuration
- This is the name of the permission. An information bubble is also available to give you more details about the permission and how it works.
- This message informs you whether the entity’s permissions have been inherited from its parent or whether they are specific to that entity (i.e., inheritance has been broken).
- The three options available to restrict access to the entity : by user(s), by group(s), and/or by department(s).
- This is a button that allows you to break the permissions inherited from the parent or restore the parent’s permissions.
- Option available for subcategories : This option allows you to apply the subcategory’s permissions to its assets when they have specific permissions.
🔒 Types of permissions
Management permission
Allows you to define which user(s) can perform actions on the entity (edit, delete, etc.). The actions that can be performed depend on the user’s role.
🔎 This permission can be configured for each stockroom, user, customer, vendor and contact.
View permission
Allows you to define which user(s) can view the entity.
🔎 This permission can be configured for each category, subcategory, asset and place.
Loans I Reservation permission
This permission is linked to Hector’s loan module. It allows you to define which user(s) can reserve the entity. It is important to note that a user who does not have any management rights over an entity may still have the necessary permissions to reserve it.
🔎 This permission can be configured for each stockroom, category, subcategory, asset and place.
Loans I Read-only permission
Allows you to define which user(s) can view loans without being able to perform any actions.
🔎 This permission can be configured on each stockroom that allows loans.
Loans I Approval permission
Allows you to define which user(s) will be able to approve or reject reservations that contain the entity for which this permission is applied.
🔎 This permission can be configured for each subcategory and place.
Operations I Requisition permission
Allows you to specify the entities that are visible in the catalog when creating a requisition form.
🔎 This permission can be configured for each category and subcategory.
Operations I Scoping permission
Allows you to compartmentalize inventories by stockroom when creating and processing requisition forms and purchase orders. Users assigned to a given stockroom will have exclusive access to its inventory.
🔎 This permission can be configured for each stockroom. To enable this permission, check the configuration below from the operations configuration page :
There you have it, you’ve made it through the roles and permissions guide in the Hector online asset management solution. If you have more questions regarding permissions, please contact our sales team who will be happy to explain in detail how permissions can help your organization take control of its inventory !