Rights Profiles in Novulo

Every Novulo Application contains Rights Profiles.

This functionality allows you to control access to all parts of your application, on two levels:

  1. GUI-level
  2. Database level

Rights profiles at GUI level

The GUI level controls what menu’s, pages, tabs, forms, grids and buttons you can see in the application.

The Database level controls, for each record type, if you can view, add, edit or delete the records, down to field level. Access on database level applies to all methods to access the application, including access through REST API, Export or Import.

Every user is linked to 1 Rights Profile. For more information in combining rights profiles, see Rights profiles - merge functionality.

Rights profiles can be found in every application at Application Maintenance > Users > Rights Profiles.

image

By default, every application has an Administrator profile, which has all rights.
Administrator then can add additional profiles.

When you open the profile, you see both levels of access:

Nested under root, the GUI level has the name of your application. The Database level is listed under Database.

As this is the Administrator profile, all access is granted, as shown with the green checkmark: image

For all levels:

  1. Changes in the Rights Profiles are stored immediately - there is no “Save” button
  2. Changes come into effect the first time a user logs in after a change. Users who are logged in are not affected automatically. Changes to your own profile are applied immediately, except for adding database rights.

Within the rights profiles, it’s explicitly stored if the access level has been set, irrespective of the level.

When an application is updated and new fields or buttons are added, these are set to the ‘no information’ level and are red.

Users don’t get access to new features by default; administrators can easily recognize which parts need assessment.

The Administrator profile is an exception: this profile will always get access to all new functionality.

Novulo Rights profiles at GUI Level: basics

On the GUI Level, you see the Toolbar, and then all menu’s that you also have at the “All apps” menu.

When you open a menu in the GUI level, you see all elements that are listed here.

For each level in the menu, you are able to change Visibility from Yes to No.

On the right side, there is are a few options to assist you in the process:

  1. Set no rights for selected subtree - applies to every element below
  2. Set all rights for selected subtree - applies to every element below
  3. Copy settings from other profile

This applies to all aspects in the tree.
The checkbox ‘only for missing nodes’ will make that the selection only applies to the ‘red’ nodes, the items that have been added since the last release and are not explicitly assigned.

GUI level: details page

In the set-up of Novulo, all pages are primiraly defined in the Settings and Overviews pages.
Pages can then be accessed through various menu’s.

For example, the generic Products page can be accessed through “Sales > Sales products” and “Purchase > Purchase products”. They show the same page, but are filtered on specific characteristics.

Through the menu’s Sales > Sales products and Purchase > Purchase products, you only have the Menu item, grid and grid buttons.

Every page is defined only once, and this can than typically found through Application Maintenance, and then the specific Views or Settings page. The views they are in correspond with the views menu’s and the Architect Model.

image

Exception: General Views and Management Views are displayed under “Management” to the users, but are separate in the profiles.

In this example, Products are in General Views. When clicking here, the individual forms and rows are all displayed,

The pages that are listed under “More” menu, are at “Tabbed panel” in the Rights profiles.

New rights

As mentioned above, when an application is updated with additional functionality, the new pages, forms and rows are marked as new and have no access by default.

Nodes that are new need to be checked by the System Administrator to grant or reject rights.

Best practice: always make sure to check all new rights after a release

As you can see, new nodes and parts of nodes are clearly indicated in red. On the right side, you see the elements of the new node.

The buttons “Previous new node” and “Next new node” are useful to navigate quickly through all nodes without needing to manually search and expand the tree.

Database rights

Database rights are at the core of the Novulo Data handler and affect all access to the data of the application. They are integrated with every part of the application, including export, import and REST.

Database rights are set at Record type or Database table level.

Database rights per record type (table)

In the database tree, you see all tables. There are 4 columns displaying the table access rights.
When you click on a table, you see the rights displayed with the three radio buttons.

image Access
image No access
image Conditional acess

Access defines if you can view the record at all. When you have no access, you can’t do anything with this record: it doesn’t just block viewing, it also blocks Adding, Deleting and Editing.

Add, delete and edit define the rights to add, delete and edit records of this type.

Conditional makes it possible to grant rights only to records with a specific condition, based on the information of the record.

Tables in red are tables that have never received rights yet. By default, they have no rights.

image

Database rights per field (column)

When clicking on a table, the application shows all fields in the table.

For the fields, rights can be set on Visible and Editable. Just like with the table, rights can be set to.

  1. Yes
  2. No
  3. Conditional

Table access is always strong than field access. If you don’t have Access rights to the table as a whole, individual rights on fields level are discarded.

How can I set an entire directory tree to read-only, without changing all permissions, but only setting it to read-only?

1 Like

I’d like to know this as well! @Joost