Staff / Settings / Authorization

On the Authorization page, permissions can be managed for a specific user or user group.

Use this page to manage permissions for both end-users and staff users. Only users that have the Is staff flag are allowed to log into the staff panel, while staff users are not allowed to log into the end-user area (to avoid any confusion). Hence permissions apply per panel: staff user rights for the staff panel and end-user rights for the end-user panel.

../_images/settings-authorization-empty.png

To change permissions, search for a user or group in the autocomplete input field. After you select one, a detailed list will be displayed.

../_images/permissions-list.png

As you can see, permissions are displayed in 2 columns on desktops and in 1 column on mobile screens. Each permission category is separated by a headline.

../_images/permissions-description.png

Hovering over a permission will display a tooltip containing the description of that item. You can switch on/off a permission by clicking on the whole row.

Effective permissions

A user has 2 checkboxes for each permission. The first one represents the value assigned only in the user's own permission set. The second one, which is disabled, represents the effective permission that the user currently has for that action.

../_images/permissions-checkboxes.png

Effective permissions are calculated from the user's own permissions and the permissions of the user groups that the user is part of.

../_images/effective-permission.png

If the user is included in any group, a note is displayed at the top of the permissions list that explains effective permissions and lists the groups that the user is part of.

../_images/user-in-usergroup-note.png

Once you finish managing permissions, click the Save button at the bottom of the list.

Permissions for user groups

Everything works the same for user groups, except that they don't have effective permissions, as their permissions cannot be influenced by the values of another permission set.

Trying to take action without having permission

If a user doesn't have the effective permissions to take a certain action, the related buttons for that action are disabled or an error dialog is shown, as in the following image.

../_images/permission-error.png

Default permissions

Default permissions for every user or user group can be managed using the Grant all permissions implicitly setting in the Advanced settings tab on the General settings page.

How permissions work

Each user and group in Fleio may have an associated permission list, stored in the database. This permission list is created the first time permissions are saved from the Permissions tab or from the Settings/Authorization page. If no permission list exists, Fleio constructs one when needed, based on the Grant all permissions implicitly setting.

There is also the concept of effective permissions. These are the permissions that determine what an enduser can actually do in the enduser panel. They are computed from the user permissions and the group permissions (if the user is in a group) using a logical OR operation. This means that if a permission is set on the group or on the user, the user will have that permission.

When Grant all permissions implicitly is checked, the following happens:

1. If a new group is created or there is an existing group without saved permissions in the database, when editing permissions, all permissions are checked.

2. If a new user is created or there is an existing user without saved permissions in the database, when editing permissions, all permissions and effective permissions are checked.

3. If a new user or an existing user without saved permissions is added to a group, it will inherit the group's permissions as effective permissions (if the group permissions are not present in the database, a permission list with all permissions enabled will be generated).

When Grant all permissions implicitly is unchecked, the following happens:

1. If a new group is created or there is an existing group without saved permissions in the database, when editing permissions, all permissions are unchecked.

2. If a new user is created or there is an existing user without saved permissions in the database, when editing permissions, all permissions and effective permissions are unchecked.

3. If a new user or an existing user without saved permissions is added to a group, it will inherit the group's permissions as effective permissions (if the group permissions are not present in the database, a permission list with all permissions enabled will be generated).

So, if you want to change permissions for several endusers using groups, you can do the following:

  1. Create a group, set the permissions you want, and save the permissions.

  2. Add users to the group.

If the users added at step 2 do not have saved permissions in the database, then they will inherit permissions from the group and their effective permissions will reflect that. If the users have permissions saved in the database, those permissions will also be taken into account when determining effective permissions.
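The rules above can be modelled to check, before relying on a group to restrict users, which users keep a permission through their own saved list, since the OR operation means a group can add permissions but never remove them. This is an added example, not Fleio code: the permission names, data shapes and function names are hypothetical, and every group is assumed to have saved permissions, as in step 1.

```python
# Added example: a model of the rules on this page, not Fleio code.
# Permission names and data shapes are hypothetical.
ALL_PERMISSIONS = ("orders.create", "invoices.view", "servers.delete")


def implicit_list(grant_all_implicitly):
    """List constructed when nothing is saved in the database."""
    return {name: grant_all_implicitly for name in ALL_PERMISSIONS}


def effective_permissions(user_saved, group_lists, grant_all_implicitly):
    """user_saved: dict or None (nothing saved); group_lists: saved group dicts."""
    if user_saved is not None:
        own = user_saved
    elif group_lists:
        # Unsaved user in a group: inherits the group permissions only.
        own = implicit_list(False)
    else:
        own = implicit_list(grant_all_implicitly)
    # Logical OR of the user's list and every group's list.
    return {
        name: bool(own.get(name)) or any(g.get(name) for g in group_lists)
        for name in ALL_PERMISSIONS
    }


def granted_outside_groups(user_saved, group_lists):
    """Permissions a grouped user holds only through their own saved list."""
    if user_saved is None or not group_lists:
        return []
    return sorted(
        name for name in ALL_PERMISSIONS
        if user_saved.get(name) and not any(g.get(name) for g in group_lists)
    )


# Constructed sample data.
SUPPORT_GROUP = {"orders.create": True, "invoices.view": True, "servers.delete": False}
BOB_SAVED = {"orders.create": False, "invoices.view": False, "servers.delete": True}

if __name__ == "__main__":
    print("unsaved user in group:", effective_permissions(None, [SUPPORT_GROUP], True))
    print("bob effective:", effective_permissions(BOB_SAVED, [SUPPORT_GROUP], False))
    print("bob review:", granted_outside_groups(BOB_SAVED, [SUPPORT_GROUP]))
```

A non-empty result from `granted_outside_groups` marks a user whose own saved list has to be edited as well, because adding them to the group alone leaves that permission effective.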