Managing Permissions

In Kahua, user permissions are managed in the Groups application. Permission levels for applications are assigned to groups, and then users are added as members of those groups.

Permissions follow the inheritance model. They can be assigned to a group at any level in the hierarchy, from the root domain down through partition and project levels, and those permissions will be inherited down through the hierarchy until they are overridden at a lower level.

In the same manner, users can be added to or removed from a group at any level in the hierarchy, from the root domain down through partition and project levels. Their access to those partitions and projects is inherited down through the hierarchy until it is overridden at a lower level.

Important: When a user is added to a group at a partition or project in the hierarchy, they are added to all partitions or projects below that level as well. When a user is removed from a group at a partition or project in the hierarchy, they are removed from all partitions or projects below that level as well.

The majority of applications have permissions that use the levels listed below. Some applications will have fewer roles, some will have additional ones. The principle is the same for the levels across apps, but the specific actions allowed may vary from one app to another. In order from most permissions to least, the levels are: Administrator, Moderator, Contributor, Observer, Referencer.

The specific actions that each level allows in an application are listed next to the level name in the section for that application on the group's Permissions tab.

There is an additional level that can be selected, LimitedView. This role works differently from other roles in that it does not grant access to any documents within an app. Instead, it is a restrictive role that removes the following actions: Log, Quick Print, Send, Download, Export, Process, View PDF. It is intended to be used in conjunction with the traditional access-granting roles like Contributor and Observer.

Example: Users who are members of a group assigned the Observer and LimitedView roles will have the ability to view all records in an app, but will not be able to Send, Download or otherwise access the restricted functionality.
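The inheritance and LimitedView rules described above can be modeled for access reviews. The following is an added illustration, not Kahua code or a Kahua API: the per-role action sets, the sample hierarchy, and the function names are constructed, and it assumes a single group whose role assignment at a lower level replaces the inherited one.

```python
# Added illustration: a simplified model, not Kahua code or a Kahua API.
# Actions removed by LimitedView, as listed on this page.
LIMITED_VIEW_REMOVES = {"Log", "Quick Print", "Send", "Download",
                        "Export", "Process", "View PDF"}

# Constructed per-role action sets; the real sets vary by app and are shown
# on the group's Permissions tab.
ROLE_ACTIONS = {
    "Observer": {"View", "View PDF", "Download", "Send"},
    "Contributor": {"View", "View PDF", "Download", "Send", "Create", "Edit"},
}

def nearest(settings, path):
    """Return the setting at the closest ancestor of path (or path itself).

    path is a tuple such as ("root", "PartitionA", "Project1"); a setting at
    a lower level overrides one inherited from above.
    """
    for depth in range(len(path), 0, -1):
        if path[:depth] in settings:
            return settings[path[:depth]]
    return None

def effective_actions(roles_by_level, member_by_level, path):
    """Actions a user has at path through one group, under this model."""
    if not nearest(member_by_level, path):      # never added, or removed above
        return set()
    roles = nearest(roles_by_level, path) or set()
    granted = set()
    for role in roles - {"LimitedView"}:
        granted |= ROLE_ACTIONS[role]
    if "LimitedView" in roles:                  # restrictive: only subtracts
        granted -= LIMITED_VIEW_REMOVES
    return granted

# Constructed sample hierarchy and assignments.
ROLES = {
    ("root",): {"Contributor"},
    ("root", "PartitionA"): {"Observer", "LimitedView"},   # override
}
MEMBERS = {
    ("root",): True,                                       # added at root
    ("root", "PartitionB", "Project9"): False,             # removed here
}

if __name__ == "__main__":
    for p in [("root",), ("root", "PartitionA", "Project1"),
              ("root", "PartitionB"), ("root", "PartitionB", "Project9")]:
        print("/".join(p), sorted(effective_actions(ROLES, MEMBERS, p)))
```

In this model, a group that holds only LimitedView resolves to an empty action set, which matches the statement that the role grants no access on its own.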

For information on assigning permissions in groups, refer to Manage permissions for a group. For information on permissions for a specific app, refer to that app's documentation.

The following roles are available in most applications:

Permission: Description

Administrator: Configure and perform all operations in the app.

Contributor: Contribute content to the app.

LimitedView: The LimitedView role works differently from other roles in that it does not grant access to any documents within an app. This is a restrictive role which will remove the following actions: Log, Quick Print, Send, Download, Export, Process, View PDF. This role should be used in conjunction with the traditional access-granting roles like Contributor and Observer. For example, users who are members of a group assigned the Observer and LimitedView roles will have the ability to view all records in an app, but will not be able to Send, Download or otherwise access the restricted functionality.

Moderator: Manage content in the app and perform maintenance operations.

Observer: View content in the app.

Referencer: Reference content in this app from another app.