Via the you can specify who may open, read, add, modify or delete which entities (elements) within SOFOS360 and optionally on which conditions ("rights").
By default, SOFOS360 has two authorization roles:
- Administrator: the user has access to all elements within the application.
- Default: the user has access only to the My Data menu, but not to the other modules.
Any other authorization roles will be created for you during implementation. For each element, you can then specify in SOFOS360 which rights the authorization role will have.
There are three types of authorization options:
- General Rights
- Permission on content (entities)
- Permission on content (fields and objects)
These rights apply at several levels:
- The highest level is permission on entities (see Type of Permissions). With this you give permission to edit and process all the entities that you select within a role.
- The two levels below give rights to the contents of the entities.
- With "Permission on content (fields)" (see Permission on content (fields)) you specify which fields of the current entity may be read or modified and optionally under what condition.
- With "Permission on content (entities)" (see Permission on content (entities)) you indicate which data of the entity may be read under a certain condition. For example: "The user may read a substance if the CMR field is not checked".
For example:
- A user may view all substances (entity).
- Field authorisation: if you authorize a user to see all substances but not all fields (e.g. not the field with the CAS numbers), you can 'turn off' that field. The user will no longer see the CAS numbers in the module Substances.
- Object authorisation: you authorise a user to see all substances (read rights), but not to edit (write rights). The user will then see all substances in the screen, but will not be able to edit or delete anything.
Authorisation functions
Besides the regular authorisations, there are several functions that provide special authorisation options.
- CurrentUserId(): Returns the unique key of the currently logged-in user. This function can be used to authorise certain data based on the currently logged-in user.
- IsAssignedToCurrentUser([IsAssignedToUser]): Returns true only when the current substance is linked to the currently logged-in user or to a department where the currently logged-in user is actively working. For example, this allows substances on the information portal to be filtered so that a user only sees the substances that apply to him/her.
- IsAssignedToCurrentUserOrNotAssignedAtAll([IsAssignedToUser]): Returns true when the current substance is not linked at all, is linked to the currently logged-in user, or is linked to a department where the currently logged-in user is actively working. This allows, for example, substances on the information portal to be filtered so that a user only sees the substances that apply to him/her or that are not linked to any staff member or department.
When filtering substances on the information portal based on the logged-in user or the departments associated with this user, it is important that you uncheck the reading rights in the authorization for the entity 'Information portal (basic)'. On the tab 'Authorisation on content (entities)', enter one of the above functions in the criterion field (via the text field) with read rights.
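The difference between the two assignment functions, as an added Python model that is not SOFOS360 code: the class names, fields and sample substances are constructed, and only the two predicates follow the descriptions above.

```python
from dataclasses import dataclass

# Hypothetical data model (not the SOFOS360 schema); sample data is constructed.
@dataclass(frozen=True)
class User:
    user_id: int
    active_departments: frozenset = frozenset()  # departments where the user is actively working

@dataclass(frozen=True)
class Substance:
    name: str
    assigned_users: frozenset = frozenset()
    assigned_departments: frozenset = frozenset()

def is_assigned_to_current_user(substance, user):
    """Model of IsAssignedToCurrentUser: linked to the user or to one of their active departments."""
    linked_to_user = user.user_id in substance.assigned_users
    linked_via_department = bool(substance.assigned_departments & user.active_departments)
    return linked_to_user or linked_via_department

def is_assigned_or_not_assigned_at_all(substance, user):
    """Model of IsAssignedToCurrentUserOrNotAssignedAtAll: also true when nothing is linked."""
    unassigned = not substance.assigned_users and not substance.assigned_departments
    return unassigned or is_assigned_to_current_user(substance, user)

def visible(substances, user, criterion):
    """Names of the substances the user may read when `criterion` is the read condition."""
    return [s.name for s in substances if criterion(s, user)]

SUBSTANCES = [
    Substance("Acetone", assigned_users=frozenset({1})),
    Substance("Toluene", assigned_departments=frozenset({"Lab"})),
    Substance("Benzene", assigned_users=frozenset({2})),
    Substance("Ethanol"),  # linked to no user and no department
]

ALICE = User(1, frozenset({"Lab"}))  # linked directly and through an active department
BOB = User(2)                        # no active department, so "Lab" does not count for him
CAROL = User(3)                      # linked to nothing

if __name__ == "__main__":
    for user in (ALICE, BOB, CAROL):
        print(user.user_id,
              visible(SUBSTANCES, user, is_assigned_to_current_user),
              visible(SUBSTANCES, user, is_assigned_or_not_assigned_at_all))
```

With the second function, a substance that has no user or department link is readable by every user holding the role, so confirm that unassigned records are meant to be visible before choosing it.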

Examples
Example 1
"The user with this role may only see substances that do not have a CMR or SZW indication".
The Type Authorisation

The Field Authorisation

Example 2
"The logged-in user may only change their own password and the 'Change password at login' checkbox, and may not see other users' data."
The Type Authorisation

The Field Authorisation

The Object Authorisation
