How Administration Console assigns permissions
Question
How are permissions assigned when specified on the Security section of Administration Console?
Answer
This is better explained through an example:
I'll use the user account "user" which belongs to two groups "GroupA" and "GroupB" to clarify how Administration Console assigns permissions.
- When working with the security in Administration Console the first thing to understand is that a "denied" access has preference over an "allowed" access. This means that if GroupA has access to all and GroupB has denied access (activated the "deny" checkbox) to all, user will have denied access to all actions.
- There are two ways of not allowing access to a certain action:
-. Either you don't allow the action for that user or group of users:
-. Or you "deny" it:
If we go back to the example previously mentioned, if GroupA has allowed access to all and GroupB doesn't have allowed access to all (note that I'm not "denying" access, only disabling the "allow" checkbox) then user WILL have access to all, inherited from GroupA.
*Also please note that you can verify the current access for a user or group of users by right clicking on them in Administration Console and choosing the "Effective Permissions" option:
More Information
This is also valid for Security Center from v10.1 and earlier versions of BarTender.