Open topic with navigation

Privilege Rules

Privilege rules are maintained in System Setup: Users & Groups > Groups

Privilege Rules are rules that specify a set of permitted Actions that members of a specific group can perform an a specified set of data. There is no limit to the number of Privilege Rules that can be applied to the same Group.

Each Privilege Rule is defined by specifying:

• A Group (of Users)

• An Action Set
• A Structure Node (Products, Classifications, Collections, Publications, Entities, and eCatalogs)
• A Workflow state
• An Attribute Group (or one Attribute).
• An Object Type
• Limitations to certain dimensions

Each Group must be assigned Privilege Rules, defining which Actions the members of that Group are allowed to perform, and which data the members of the Group is allowed to work with. Defining the Privilege rules forms one part of the Privilege control system settings. The second part, defining Action Sets, is performed in System Setup under Action Sets. For more information about Action Sets, see System Setup > Action Sets here. A Privilege rule grants all of the Users in a Group the permission to perform any of the Actions in the selected Action Set. This permission can be restricted to specific sets of data.

Important: Privilege Rules applied a User Group will be inherited to sub User Groups. This means it is possible to apply general Privilege Rules on a top level and only specify local Privilege Rules on sub User Groups. GUI setup applied a top User Group will not be inherited to any sub User Group. It is to be recommended to apply all general Privilege Rules as high as possible in the User Groups Hierarchy to simplify management of the Privilege Rules.

Privilege Rule Types

There are two types of Privilege rules:

Setup Privileges: These are usually actions that are usually performed by a System administrator.

User Privileges: For actions that should be performed by the users of a specific group.

Restricting Actions

Actions can be restricted to:

• Objects that are linked to a specific node (or a node below) in the Classification, Product, Publication, Entity or eCatalog hierarchy, a in specific node collection or in a STEP Workflow in a specific state.
• Attributes within a specified Attribute Group (e.g. changing an Attribute Value). If an Attribute Group(s) is not specified, the Action is permitted for all Attributes.

• Workflows, Integration Endpoints, and Business Rules within a specified Setup Group
• Specified Dimension Points. If no Dimension Point is specified for a Dimension, the Action is permitted for all Dimension Points within that Dimension.

• Specified Object type. If no Object type is specified, the Action is permitted for all Object types.

Unlimited Number of Privilege Rules

Any number of rules may be set up for the same Group, granting permissions for specific Actions Sets on a number of hierarchy nodes and Dimension Points.

Note: A User may be a member of more Groups. The User will accumulate the Privilege rules from all these Groups, so a restriction from one Group is ignored if the corresponding Action is permitted via another Group membership.

Editing Linked Objects

If a Privilege rule permits the editing of a specific Attribute Value for Products linked to a specific Classification node, this Attribute Value can also be edited through other Classification nodes that these Products may be linked to.

Access to Classifications and Products

If a Group has permission to work with a specific Classification node, Attribute Values can be edited for all Products linked to (or below) that node. However, access to the Classification node does not grant the privilege to link new Products in the Product hierarchy. To do that, the Group must have permission to work with the specific Product node as well.

2019, Stibo Systems – Confidential