
2012/05/15

Understanding the Relationship Among “Permission”, “Role” & “User” in 2BizBox ERP


To those who are experienced in writing code or designing permission management software, the relationship among “permission”, “role” and “user” is a matter of course. However, to common users, who are just beginning to use an operation system, these three concepts might be a bit dizzying. In recent years, as the number of 2BizBox users has grown, many inquisitive customers have requested a thorough explanation of these concepts. In this article, we will go to the bottom of them with you and work out how they ultimately relate to one another.

Before we explore the relationships, we should explain these concepts separately.

Permission 
“Permission” in 2BizBox is the most basic and fine-grained permission definition that is visible. 2BizBox defines every function and operation in the system and gives each one an independent permission, which is the security control item at the smallest granularity. (If you are a developer, think of it as the level of a function or API.) Normally, these permission definitions, which sit at the lowest level, are very numerous and cover narrowly scoped functions, are not easy for common users to digest. But as soon as you need to define a very special role or user in the system, you will find “permission” quite helpful and flexible. You may have noticed that you are not allowed to delete, add or revise any of the permissions, because the 2BizBox development group has set them in advance. We currently publish several hundred permissions, which you can check in the “security box”.

Role 
A role is a collection of permissions. It is not a real person, but an abstraction of one. By combining permissions into a role and naming it, for example General Manager, Manufacturing Manager or New Staff, we can later use these roles to manage real people's permissions.
We predefine many roles in 2BizBox, most of which are defined by box, while some are system roles such as super user and system administrator. You can use these roles directly, or you can define new roles according to your actual needs. You can delete, add or revise these customized roles as long as you have permission for these operations.

User 
For common users, the user is the most essential concept. We log in to the system with our user names. For example, admin is a user. A user is a real operator, or an employee. By giving one or more roles to the user, we define what this user can and cannot do. For example, if an employee is in charge of both the financial department and the warehouse, then as a user in the system he has the roles of financial manager and warehouse manager at the same time.

After installation, 2BizBox predefines only an admin user with complete permissions. You need to add more users as admin. A user can be an internal employee or a member of an external cooperating party, and we provide this option when you add a user.

Employee 
Finally, we should pay attention to “employee”, since we have mentioned it above. “Employee” is a concept in HR Box. An employee can be a user, but a user is not necessarily an employee. We can create a user for an external system maintainer, or for a cooperating company’s engineer. If an employee doesn’t use the system, e.g. the gatekeeper or workers in the workshop, we should not create a user for him.

When we add an employee in the system, we can set his user name at the same time to link the employee to the related user. It is a one-to-one link: one employee has only one user name, and one user name matches only one employee. This rule is set for enterprise management. If user A downloads and leaks a drawing of the company, we are able to trace his operation and know that employee A is responsible. If user A matched more than one employee, the company would have to carry out an extra investigation to find the responsible party.

Finally, we provide a picture to show the relationships between these concepts. In this picture, John and Cathy both have two roles, Role 2 and Role 3, and so have the complete set of permissions 1 to 4. Arlene, as Role 1, has permissions 1 to 3, and Ethan, as Role 3, has only permissions 3 and 4.
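
The model described in this article, as an added example in Python (not 2BizBox code): a user's effective permissions are the union of the permissions of the roles he holds, and the one-to-one employee/user link is checked so that every operation traces to a single person. The permission set of Role 2, the function names and the employee link data are assumptions constructed for illustration.

```python
# Added example: permission -> role -> user, using the names from the picture.
ROLE_PERMISSIONS = {
    "Role 1": {1, 2, 3},
    "Role 2": {1, 2},   # assumption: the exact set for Role 2 is not stated in the text
    "Role 3": {3, 4},
}
USER_ROLES = {
    "John": ["Role 2", "Role 3"],
    "Cathy": ["Role 2", "Role 3"],
    "Arlene": ["Role 1"],
    "Ethan": ["Role 3"],
}


def effective_permissions(user, user_roles=USER_ROLES, role_perms=ROLE_PERMISSIONS):
    """Union of the permissions of every role assigned to the user."""
    perms = set()
    for role in user_roles.get(user, []):  # unknown user: no roles, so nothing is allowed
        perms |= role_perms[role]
    return perms


def is_allowed(user, permission):
    """Deny by default: allowed only if some assigned role carries the permission."""
    return permission in effective_permissions(user)


def link_violations(employee_links):
    """Check the one-to-one employee/user rule.

    employee_links: iterable of (employee, user_name) pairs (constructed HR data).
    Returns (shared, multi): user names linked to several employees, and
    employees linked to several user names. Both break accountability.
    """
    by_user, by_employee = {}, {}
    for employee, user in employee_links:
        by_user.setdefault(user, set()).add(employee)
        by_employee.setdefault(employee, set()).add(user)
    shared = {u: sorted(e) for u, e in by_user.items() if len(e) > 1}
    multi = {e: sorted(u) for e, u in by_employee.items() if len(u) > 1}
    return shared, multi
```

A non-empty `shared` result is the case the article warns about: an operation logged under that user name cannot be attributed to one employee without extra investigation.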
