Authorisation with data filters

With filter authorisation, you record filters for the tables to which you want to limit access. This is possible, for example, for employees, dossier items, organisations, purchase and sales contacts and ledger accounts.

Description

If a user accesses a view to which filter authorisation applies, Profit lets data through based on the user's active filters. Non-active filters are ignored. If none of the filters are active, the user cannot see any data. If several filters are active, the 'sum' of the related access applies.

Extended example

A view contains all the dossier items present in Profit. All the employees are authorised for this view. You want to achieve the following via filter authorisation:

  • Employees with the ICT authorisation role only have access to ICT requests.
  • Employees with the Support authorisation role only have access to support requests.
  • The manager of the ICT/Support department has access to ICT and support requests.
  • The General Manager has access to all the dossier items.

This requires three filters. The ICT filter only lets ICT requests pass through. This filter is activated for the ICT Employees authorisation role. The Support filter only lets support requests pass through. This filter is activated for the Support Employees authorisation role. Both filters are activated for the ICT/Support manager. Profit will allow dossier items from both filters to pass through (a 'sum' of these filters).

For the general manager you must use the 'All' filter. This filter lets all the dossier items pass through, so the general manager can see all the dossier items.

The above example is limited in its extent; in practice you also require filters for employees from other departments. Purchasing employees, for example, are only allowed to view purchasing requests, sales employees are only allowed to view sales invoices, etc. For these groups you must also add filters.

Effective rights

The effective rights per user consist of:

  • All the group rights of the user; the most extensive authorisation applies here. If for an employee a filter is active via one group and not via another group, the filter is active.
  • Any deviations that are set at the user level supersede group rights. Here you can both expand and limit access.

You can determine per table (such as dossier items) whether you want to use filters. As soon as you enable the use of filters for a table, access runs entirely via filters for all the groups and users. This is why you must immediately add all the required filters and activate the correct filters per group/user. If you fail to do so, the users no longer have access to the data from the table in question.

Example:

A view shows all the dossier items by default. If you activate the 'According to filter' access, none of the users have access to the dossier items anymore. Once you have activated the filters you added for the groups, the groups once again have access based on the activated filters.
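
The rules from the extended example and from 'Effective rights', modelled as an added example (this is not Profit's own code). The group names, the per-filter on/off shape of user-level deviations and the sample dossier items are assumptions made for illustration:

```python
from dataclasses import dataclass, field

# Constructed sample data: three dossier items, typed as in the page's example.
ITEMS = [
    {"id": 1, "type": "ICT request"},
    {"id": 2, "type": "Support request"},
    {"id": 3, "type": "Purchasing request"},
]

# Filter name -> predicate deciding which items the filter lets through.
FILTERS = {
    "ICT": lambda item: item["type"] == "ICT request",
    "Support": lambda item: item["type"] == "Support request",
    "All": lambda item: True,
}

# Filters activated per group (group names are hypothetical).
GROUP_FILTERS = {
    "ICT Employees": {"ICT"},
    "Support Employees": {"Support"},
    "ICT/Support Manager": {"ICT", "Support"},
    "General Manager": {"All"},
}

@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)
    # Assumed shape of user-level deviations: filter name -> True/False.
    overrides: dict = field(default_factory=dict)

def active_filters(user):
    """Group rights first (active via any group = active), then user deviations."""
    active = set()
    for group in user.groups:
        active |= GROUP_FILTERS.get(group, set())
    for name, enabled in user.overrides.items():
        (active.add if enabled else active.discard)(name)
    return active

def visible_ids(user, filters_enabled=True):
    """Items the user sees; with filters enabled, no active filter means no data."""
    if not filters_enabled:
        return [item["id"] for item in ITEMS]
    active = active_filters(user)
    return [i["id"] for i in ITEMS if any(FILTERS[f](i) for f in active)]

def locked_out(users):
    """Users who would see nothing once filters are enabled for the table."""
    return [u.name for u in users if not visible_ids(u)]
```

Running `locked_out` over the user list before enabling filters for a table shows who would lose access because no filter has been activated for them yet.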
