How to specify user access security levels at different areas within the hierarchy of PATorganiser
This feature is only available to Enterprise Customers
This feature provides the ability to specify Read, Read/Write function to each location within the PATorganiser hierarchy tree. And a user who does not have access to an area cannot see any other areas in the tree or access its files through the files page.
Hierarchy Access Levels
The following areas in the hierarchy can have access specified:
- Client, Site and Location (The 3 highest levels)
The “Unknown” hierarchy is not user assignable- this is for administrators only
Rules for Access
The following rules apply when specifying access:
- Access granted at a low level, automatically assumes read-only access to levels above it so that it can be accessed
- Access granted at higher levels, automatically applies downstream
An Administrator user full unrestricted access to any hierarchy levelsThe existing user roles of Read-Only and Read-Write will apply in the following way:
- A read-only user cannot be granted read-write privileges – this is a safety guard
- A read-write user can be given read-only AND read-write privileges – but no assignments give no access
A user can use the upload data options in the application but can only generate data against assets within their areas. If a data load contains assets that are not within their read-write locations, these will be ignored.
How to change a user access level based on hierarchy
These steps can only be performed by a user with 'admin' level access
Go into the PATorgainser app:
- Click on Users
- And select an existing user
- Or add a new user
Select 'IAM' for the role if you want to assign access levels based on hierarchy within PATorganiser based on Client, Site or Location:
IAM: individual access management provides
no access until granted access to either a Client, Site or Location
Admin: has unlimited rights (make system changes, add users etc.).
User: has full rights but cannot change system settings (i.e. add more users, change invoicing settings)
Read Only: can generate reports etc. but cannot make any changes.
Now go into the Organiser view and select either:
- Client level
- Site level
- Location level
Then click 'Edit Access'
- Click 'Add' to add a user for restricted access
- Select the dropdown and the user you want to edit
- Select whether they get 'R' (Read) or R/W (Read/Write) access
- Press save
How to review user access
To review access for all users at any time and remove access easily:
- Go to settings
- Click on users
- Select a user
- Click 'View Hierarchy Permissions'
From here you can either view a users access or delete their access by:
- Selecting the user
- Deleting access