Assigning Access Permissions

Access rights are an essential component of security in any business. They determine the level of access that a user has to items and functionality on your system, such as whether they can view content or edit it.

There are three possible settings for every access right:

  1. Allow – grants the associated access right for the selected account.
  2. Deny – denies the associated access right for the selected account.
  3. Inherit – access is neither granted nor denied. You can use this setting to grant or deny the item's ability to inherit the access rights that have been assigned to the different roles.

Conflicting access rights

A user can be a member of many different roles. When a user is a member of more than one role, the access rights of those roles are combined, so the user has the accumulated access rights of the roles. The following general rules apply if access rights between roles are in conflict:

| Rule | Example |
| --- | --- |
| Denied when an access right is not specified. | The default value for access rights is Denied. If no access right is specified, the user does not have access to that item. |
| Inheritance is Allowed when an access right is not specified. | The default value for the inheritance access right is Allowed. |
| Denied overrules Allowed. | If a user belongs to two roles, one of which explicitly grants them access to an item and the other of which explicitly denies them access to the same item, they are denied access to the item. This also applies to the rights of inheritance access. |
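
The three rules above can be applied mechanically when auditing why a user can or cannot reach an item. The following is an added example, not code from the product this page documents; the role names, right names, and data layout are constructed for illustration.

```python
# Added example: resolve a user's effective access rights on one item using
# the three conflict rules from the table. All names here are assumptions.
ALLOW, DENY = "allow", "deny"
INHERITANCE = "inheritance"  # assumed name for the inheritance access right

# Constructed sample: per-role settings on a single item. A right that is
# absent from a role's dict is "not specified" for that role.
ROLE_RIGHTS = {
    "Authors":     {"read": ALLOW, "write": ALLOW},
    "Contractors": {"write": DENY, INHERITANCE: DENY},
    "Reviewers":   {"read": ALLOW},
}


def resolve(right, user_roles, role_rights=ROLE_RIGHTS):
    """Return (decision, deciding_roles) for one right across a user's roles."""
    explicit = {}
    for role in user_roles:
        setting = role_rights.get(role, {}).get(right)
        if setting is not None:
            explicit.setdefault(setting, []).append(role)
    # Rule: Denied overrules Allowed (also for the inheritance right).
    if DENY in explicit:
        return DENY, explicit[DENY]
    if ALLOW in explicit:
        return ALLOW, explicit[ALLOW]
    # Rules: nothing specified means Denied, except inheritance, which
    # defaults to Allowed.
    return (ALLOW if right == INHERITANCE else DENY), []


def effective_rights(user_roles,
                     rights=("read", "write", "delete", INHERITANCE)):
    """Resolve every listed right and keep the roles that decided it."""
    return {right: resolve(right, user_roles) for right in rights}


if __name__ == "__main__":
    # A user in both Authors and Contractors: the Contractors deny wins on
    # "write", and "delete" falls back to the default.
    for right, (decision, roles) in effective_rights(
            ["Authors", "Contractors"]).items():
        source = ", ".join(roles) if roles else "default"
        print(f"{right:12} {decision:6} decided by: {source}")
```

Returning the deciding roles alongside the decision shows which membership to review when an explicit Deny blocks a user unexpectedly.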