Understanding Permissions
Civic Platform provides three levels of access (Full, Read Only, None) to Civic Platform objects and functions. Full access enables modification, Read Only enables viewing, and None provides no access. Civic Platform enforces access control on many different objects and functions, including workflow status, application types, inspections, calendars, FIDs, and so forth.
Civic Platform manages access permissions for modules, groups, and individual users. Unless you define specific access permissions at the group or individual user level, groups and users inherit access permissions from their parent module. You can set access permissions differently for the module to which a group belongs, the group to which an individual user belongs, and the individual user.
When access permissions differ between the module, group, and individual user, the access assigned at the most specific level applies. For example, if an individual user has Read access and the group to which they belong has Full access, Civic Platform enforces Read access.
Access Determination for Civic Platform illustrates how Civic Platform might determine access when multiple security policies apply to a situation.
User Group | Workflow | Appl. Type | FID | User Access |
---|---|---|---|---|
Full | Full | Full | Full | Full |
Read | Full | None | Read | None |
Full | Read | Full | Read | Read |
None | Full | Full | Read | None |
Full | Read | Read | Full | Read |
Civic Platform enables agencies to define up to four levels of user groups, each with their own access permissions. In addition, you can set access permissions at any of the four levels of record type structure. The best practice provides the most access at the highest level needed, then limits access at more specific levels, as required.
To set the permissions for a Civic Platform object, you associate the module, group, or individual user to the object of concern. For example, Specifying Permissions for Civic Platform Objects shows how you associate the permissions of a module, group, or individual user to an event calendar.
To set access to Civic Platform functions (FIDs), you set the module or group access permission on a listing of approximately 600 FIDs (Specifying Permissions for Civic Platform Functions). The Civic Platform Configuration Reference provides a reference for the FIDs.