Roles and Permissions

“Roles and Permissions” might sound a little bit like “Dungeons and Dragons”, but they are actually totally unrelated. A company needs to put limits on what a user can do, and roles and permissions are the way to do that. You might keep confidential information about employees in the database (e.g. wages) and not want all users to have access to it. Therefore, you grant the permissions required to access this information only to the users with a need to know. You can fine-tune it further: allow certain users permission to view the information, while only a few individuals can create, edit, or delete employee information.

What are Roles?

A role is a grouping of permissions that you can assign to a user as a unit. You most often set up roles based on job function. A “sales rep” would certainly have a different set of permissions than an “accounts payable clerk”, so you set up two separate roles, one for each. If you get a new “sales rep”, all you need to do is add them as a user and assign them the “sales rep” role. It sort of makes sense… right?

Assigning Roles and Permissions

What you do first is assign a person a role based on job function. At times a user might be assigned more than one role. This can happen if someone goes on holidays and a colleague has to assume that person's duties as well as their own. The second role would only be assigned temporarily and then it could be removed. It is also possible that you have three sales reps, but one of them is also handling the sales manager post. In this case, you would give them the “sales rep” role and then assign them additional permissions based on their added duties. In this way, a person can be assigned both roles (groupings of permissions) and individual permissions.

Deny Permissions

This is where it might get a little confusing, but stay with me. What happens if you get a new “accounts payable” clerk? Most companies will put a new employee on “probation” for a certain period of time, just to make sure that they work out and prove trustworthy. You would probably need to assign them the “accounts payable” role, but there may be certain information that you want to keep confidential until they finish their probationary period. In this case, you can assign them “deny permissions”. What “deny permissions” do is cancel out some of the permissions that have been assigned to them in a role, so out of the 20 permissions included in the role, they end up with 17 permissions, because three “deny permissions” were also assigned. These deny permissions can easily be removed at a later date.
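
The rule described in the sections above (role permissions, plus individual permissions, minus deny permissions), worked through as an added example; it is not code from the User Manager module. The role and permission names, the expiry date used for a temporary role, and the choice that a deny also overrides an individual grant are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from itertools import product

ACTIONS = ("view", "create", "edit", "delete")

def perms(*resources):
    """Build 'resource.action' names for every action on each resource."""
    return frozenset(f"{r}.{a}" for r, a in product(resources, ACTIONS))

# Constructed role catalogue (hypothetical names): 5 resources x 4 actions = 20 permissions.
ROLES = {
    "accounts_payable": perms("invoice", "vendor", "payment", "credit_note", "bank_detail"),
    "sales_rep": perms("customer", "quote"),
    "sales_manager": perms("customer", "quote", "discount"),
}

@dataclass
class User:
    name: str
    roles: dict = field(default_factory=dict)  # role name -> expiry date, or None if permanent
    grants: set = field(default_factory=set)   # individual permissions on top of roles
    denies: set = field(default_factory=set)   # deny permissions (assumed to always win)

def effective_permissions(user, today):
    """(permissions of unexpired roles + individual grants) - deny permissions."""
    allowed = set(user.grants)
    for role, expires in user.roles.items():
        if expires is None or today <= expires:
            allowed |= ROLES[role]  # an unknown role raises KeyError: fail closed
    return allowed - user.denies    # subtract last so a deny beats any grant

def can(user, permission, today):
    return permission in effective_permissions(user, today)

# Constructed users mirroring the three cases in the text.
probationer = User("new_ap_clerk", roles={"accounts_payable": None},
                   denies={"bank_detail.create", "bank_detail.edit", "bank_detail.delete"})
acting_manager = User("rep_acting_manager", roles={"sales_rep": None},
                      grants={"discount.view", "discount.edit"})
holiday_cover = User("rep_covering",
                     roles={"sales_rep": None, "sales_manager": date(2024, 7, 14)})

if __name__ == "__main__":
    today = date(2024, 7, 1)
    for u in (probationer, acting_manager, holiday_cover):
        print(u.name, len(effective_permissions(u, today)))
```

Applying the denies as the final step is what makes removing them at the end of probation a one-line change: clearing the deny set restores the full role without touching the role itself.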

The User Manager

Since roles and permissions are important, we have created a “User Manager” module that we include FREE! with every Access database which we build. It is there for you to use or not; the choice is yours. We believe that “data security” is becoming more important all the time and we want to ensure that your information is safe. This is one of the ways that we can do this.