Accounts
From Aligni Wiki
Aligni provides role-based access control (RBAC) for user accounts. RBAC allows the site administrators a compromise between simplicity and flexibility when granting user access to their data without sacrificing data integrity or security. The Aligni RBAC is built on a foundation of a few pre-determined roles in addition to user-configurable usergroups to add additional access.
Contents |
Universal Roles
- Administrator - There is exactly one administrator account for each site. The administrator maintains complete control of the site and is granted all permissions.
- Librarian - Each site may have multiple Librarian accounts. A Librarian is granted all permissions except:
- Cannot manage site settings
- Cannot manage user accounts
- Cannot manage usergroups
- Basic - A Basic account is given very limited access. Basic accounts may not change any data, but may view all data except:
- Cannot view cost information (quotes, costsheets, inventory value)
- Cannot view inventory
- Public - A site may optionally enable the Public account. The Public account is provided the same limitations as the Basic account but doesn not require any login credentials.
Custom Usergroups
In addition to the universal roles provided by default, Aligni allows the Administrator to create custom Usergroups. These Usergroups may have customized permissions assigned to each. Each custom Usergroup starts with the read-only permissions of a Basic account.
| Manage Parts | Create and edit parts that are queued to the Librarian for committal. Only a librarian can edit parts after it has been committed. |
|---|---|
| Annotate | Add notes to database entries. |
| Create RFQs | Create and submit RFQs to vendors. |
| View inventory | Show inventory contents and history. |
| Manage inventory | Perform transfers, consumptions, and adjustments. |
| View cost information | View quotes, costsheets, and inventory value. |
Unavailable Permissions
The following capabilities are not allowed to custom usergroups. They are permissions only provided to the Administrator and Librarians:
| Manage Committed Parts | Manage Manufacturers |
| Manage Vendors | Manage Contacts |
| Manage Parttypes | Manage Units |
Example
The table below shows an example of how permissions could be setup for a site. In a smaller company, the "Lead Engineer" would probably just be setup as a librarian and allowed to make changes to committed parts.
| Usergroup | Manage Parts | Create RFQ | View Inventory | Manage Inventory | View Costs |
|---|---|---|---|---|---|
| Manager | x | x | x | ||
| Lead Engineer | x | x | x | x | x |
| Engineer | x | x | x | ||
| Contractor | x | x | x | ||
| Inventory Manager | x | x |
