Difference between revisions of "Setup new role"
(Tag: visualeditor) |
(→Requirements) (Tag: visualeditor) |
||
| Line 14: | Line 14: | ||
=== Requirements === | === Requirements === | ||
| − | * RRR is fundamentally a product that consist of a series of | + | * RRR is fundamentally a product that consist of a series of sub-products A, B and C where each consists of a number of resources: |
| + | ** A series of questionnaires. | ||
| + | ** A reporting portal for individuals. | ||
| + | ** A reporting portal for department leaders. | ||
* Sales to RRR is through multiple channels | * Sales to RRR is through multiple channels | ||
** The owners, which we shall call SuperAdmins, may sell either to individuals, companies or resellers. | ** The owners, which we shall call SuperAdmins, may sell either to individuals, companies or resellers. | ||
** Companies may "sell" to their departments. | ** Companies may "sell" to their departments. | ||
** Resellers can sell to other companies. | ** Resellers can sell to other companies. | ||
| − | |||
** Companies and individuals may buy access online. | ** Companies and individuals may buy access online. | ||
| − | ** The seller may restrict access to a limited set of | + | ** The seller may restrict access to a limited set of sub-products. |
| − | * Administration of user (HR admins) in a reseller, company or department should be possible without having to pay for the account to do so | + | * Administration of user (HR admins) in a reseller, company or department should be possible without having to pay for the account to do so. |
| − | * Payment is based on price per user that has access to a | + | * Payment is based on price per user that has access to a sub-product, so access to A may cost 10 per user and B may cost 20. |
=== Access === | === Access === | ||
| − | Since RRR ask sensitive information access to each | + | Since the questionnaires in RRR ask sensitive information, access to each users answers is restricted: |
| − | * A user only has access to view their own data | + | * A user only has access to view their own data. |
| − | * A HR admin has to the user, not the collected data of the user | + | * A HR admin has access to the user, not the collected data of the user. |
| − | * A department leader | + | * A department leader has same access to the user as the HR admin, but also has access to aggregated data for the departments members. |
| − | * | + | * Sellers should have same access as HR admins to the companies they sell to. |
| + | * The seller may restrict access to a limited set of sub-products. I.e. it should be possible for a department to only be able to give their members access to A. Similarly, an individual buying access to A should only have access to A. | ||
| + | |||
| + | === Folder structure === | ||
| + | * RRR | ||
| + | ** (SuperAdmins) | ||
| + | ** Companies | ||
| + | *** Company X | ||
| + | ** Products | ||
| + | *** A | ||
| + | *** B | ||
| + | *** C | ||
| + | Under a Company there is the following structure: | ||
| + | * Company X | ||
| + | ** (HR Admins) | ||
| + | ** (Leaders) | ||
| + | ** (Members) | ||
| + | ** Users | ||
| + | *** ...user... | ||
| + | ** Dept X ← which itself is a Company folder | ||
* | * | ||
| − | TODO access for individual that buys 2 qnaires? | + | TODO access for individual that buys 2 qnaires? Solve by making each individual a department |
[[Category:Roles]] | [[Category:Roles]] | ||
Revision as of 13:03, 16 December 2019
A role is very simply a Group with the sub-type Role.
This allows you to use all of the CGScript functions on groups, imports, export, and the many other system features there are on groups.
Contents
Minimum requirements
In order for a role to function, it must defined a minimum of two Role extensions.
- "Added" - is called AFTER a user has been added to the role
- "Removed" - is called AFTER a user has been removed from the role.
Suggested folder structure
The roles does not have a required folder structure beyond defining where the role extensions themselves are located. How the access to the resources that membership of the role itself is not actually part of the role structure, but in order to facilitate an easy way to get an overview of any role, here is a suggestion for how to setup a new product that utilizes roles to ensure the proper access to all resources.
In our example, that we will call RRR, we have the following requirements:
Requirements
- RRR is fundamentally a product that consist of a series of sub-products A, B and C where each consists of a number of resources:
- A series of questionnaires.
- A reporting portal for individuals.
- A reporting portal for department leaders.
- Sales to RRR is through multiple channels
- The owners, which we shall call SuperAdmins, may sell either to individuals, companies or resellers.
- Companies may "sell" to their departments.
- Resellers can sell to other companies.
- Companies and individuals may buy access online.
- The seller may restrict access to a limited set of sub-products.
- Administration of user (HR admins) in a reseller, company or department should be possible without having to pay for the account to do so.
- Payment is based on price per user that has access to a sub-product, so access to A may cost 10 per user and B may cost 20.
Access
Since the questionnaires in RRR ask sensitive information, access to each users answers is restricted:
- A user only has access to view their own data.
- A HR admin has access to the user, not the collected data of the user.
- A department leader has same access to the user as the HR admin, but also has access to aggregated data for the departments members.
- Sellers should have same access as HR admins to the companies they sell to.
- The seller may restrict access to a limited set of sub-products. I.e. it should be possible for a department to only be able to give their members access to A. Similarly, an individual buying access to A should only have access to A.
Folder structure
- RRR
- (SuperAdmins)
- Companies
- Company X
- Products
- A
- B
- C
Under a Company there is the following structure:
- Company X
- (HR Admins)
- (Leaders)
- (Members)
- Users
- ...user...
- Dept X ← which itself is a Company folder
TODO access for individual that buys 2 qnaires? Solve by making each individual a department
