‘Access Rights’ is the term that is used to describe the set of permissions that control access to Private Items within Activ’s modules. These are distinct to normal System Permissions, and:
- are only applicable to Private Items;
- are item-specific (i.e. set against each Private Item individually); and
- can override normal module permissions for that specific item if it is in a relevant module (see below).
Access Rights for each Private Item are managed through a dedicated ‘Access Rights’ tab that is stored as part of the Private Item’s record. This tab will be hidden for Public (non-Private) items, but will automatically appear within a record when the ‘Private’ flag is enabled. As with normal System Permissions, Access Rights can be customised for each user and each Private Item, allowing you to finely control who can access your most sensitive data.
Note that, by default, all users (including System Administrators) are assigned no Access Rights to Private items, meaning that they cannot access or modify the item. Users can only access Private items if they have explicitly been given Access Rights to the item.
Within Activ, Private Items can be divided into three broad categories that follow slightly different access rules. These are:
*****
Access Rights for Files and Processes
When a folder or process is made Private, Activ gives you the ability to provide users with lower or higher Access Rights to that folder/process than they would normally have to the module. This supports the management of projects (etc) by allowing you to base Access Rights for these items on the role that each individual has to play within that project. Because of this ability, Access Rights for these items will overwrite the user’s normal module permissions, enabling you to lock an ‘admin’ user to ‘view’ rights, or to allow a user with ‘read only’ module permissions to edit the Private Item.
To support this functionality, these Private Items provide three levels of access. These are:
- Can View? – if ‘yes’, the user will be able to view the Private process / access the Private folder and its files/subfolders.
- Can Edit? – if ‘yes’, the user will have full ‘Edit’ rights to the Private process / the Private folder and all of its contents.
- Can Delete? – if ‘yes’, the user will have full ‘Admin’ rights to the Private process / the Private folder and all of its contents.
Note that, uniquely for files, Access Rights are set and managed on the folder that the file is stored within, and not on the file itself. In addition, all Access Rights that are set against a folder will cascade down through its contents, meaning that all subfolders will have the same Access Rights as its Private parent folder. These folders may themselves be located in their Library’s root (i.e. at the top level of the folder structure), or may be a subfolder of a public folder.
*****
Access Rights for Other Private Items
Whilst the records for individual files and processes are relatively simple, the majority of other records within Activ are structurally complex. This is in part due to the interconnectivity of Activ’s modules, which results in these records being linkable to many other areas of the platform, and in part due to the complexity of the individual modules themselves. Because of this complexity, it is not feasible to allow alternate permissions to be set against these items when they are made Private, and the normal module permissions for each component of the record are enforced instead. Effectively, for these records Access Rights determine whether the Private record can be accessed, and the user’s normal System Permissions determine what can be done with a Private record if the user can access it.
To support this, these Private Items provide one level of access. This is:
- Can View? – if ‘yes’, the user will be able to open the record, and their normal System Permissions will determine whether they have ‘Read Only’, ‘Edit’, or ‘Admin’ access to the record’s content.
