
Permission manager

Introduction

Because we offer different subscription packages, our users can access different functions in the Whereis application depending on the package they choose. Within a company hierarchy we offer further options, if required (for example at the request of the management), to limit the permissions of certain users, which results in limited access to the functions in the system. These permissions are usually set by us, based on the client's request. Besides granting or limiting functional permissions, there are often situations where the question is not access to functions, but access to the data within them. We developed the Permission Management system based on these needs. This function allows an employee with the necessary authorization in the system to assign permissions that apply to the registration units. This background module of the Whereis application is called the Object Permission module.

Principles of Object Permission

Meaning of Object Permission

What exactly is a permission that applies to certain objects or registration units? It is easy to understand through a real-life example. A larger business operates in different organizational units, such as product development, procurement, production, marketing and sales management, logistics (distribution, delivery), the financial department and of course the headquarters. To carry out their daily work, the company provides the employees with all sorts of vehicles (cars, trucks, forklifts, etc.). To keep the example simple, we assume, though it is not compulsory, that each vehicle is equipped with a GPS tracker device. The heads of organizational units are responsible, among many other tasks, for monitoring the employees' adequate and economic use of the unit's vehicles, as well as the purpose of vehicle use. Consequently, the sales manager has to supervise the mileage of the vehicles within the sales unit, so he/she must have permission to access the interface showing the vehicles' current and past positions. The sales manager should not, however, see the data of vehicles within other units; that is the responsibility of the given unit's head. So how can this apparent conflict be solved? The solution lies in the object permission. The sales manager has function permission to access the current and past positions interface, but his/her object permission is limited, so he/she can only see the vehicles within the sales unit. How can this be done?

  • One possible way is for the user with the necessary authorization in the system (the administrator) to give the object (observation) permission for every vehicle belonging to the given organizational unit.
  • If several, tens or maybe hundreds of vehicles are concerned, it is more practical to create a so-called vehicle group, include all concerned vehicles in it, then assign the object permission to the vehicle group.

Allowing and prohibitive permissions

While designing the Permission manager, we kept in mind that users should be able to create even the most complicated settings quickly and easily. During normal operation a situation is likely to occur in which an object or object group permission has to be assigned to almost every user in a group, except for a few. The opposite can also happen, when only a few members of a user group need the object permission. To manage these cases quickly and efficiently, we introduced the allowing and prohibitive permissions. Their use is self-evident: to grant rights, use the allowing ones; to deny, use the prohibitive ones.
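The sales-manager scenario from "Meaning of Object Permission" combined with an allowing and a prohibitive entry, as an added example that is not code from the Whereis application. All names and data are constructed, and two rules are assumptions the page does not state: a prohibitive entry overrides an allowing one, and a vehicle with no matching entry is not visible.

```python
from dataclasses import dataclass

ALLOW, DENY = "allow", "deny"

@dataclass(frozen=True)
class Entry:
    subject: str  # a user or a user group (hypothetical names)
    target: str   # a vehicle or a vehicle group (hypothetical names)
    kind: str     # ALLOW or DENY

# Constructed sample data for the sales unit example.
USER_GROUPS = {"sales_staff": {"sales_manager", "rep_anna", "trainee_bob"}}
VEHICLE_GROUPS = {"sales_fleet": {"ABC-123", "DEF-456"},
                  "logistics_fleet": {"TRK-001"}}
FUNCTION_PERMS = {u: {"positions"} for u in USER_GROUPS["sales_staff"]}
ENTRIES = [
    Entry("sales_staff", "sales_fleet", ALLOW),  # grant to the whole user group
    Entry("trainee_bob", "sales_fleet", DENY),   # except for one member
]

def _expand(name, groups):
    """Return the name itself plus every group that contains it."""
    return {name} | {g for g, members in groups.items() if name in members}

def matching_entries(user, vehicle, entries=ENTRIES):
    """Entries that apply to this user/vehicle pair directly or via a group."""
    subjects = _expand(user, USER_GROUPS)
    targets = _expand(vehicle, VEHICLE_GROUPS)
    return [e for e in entries if e.subject in subjects and e.target in targets]

def can_see(user, function, vehicle, entries=ENTRIES):
    """Return (decision, reason); function and object permission are both needed."""
    if function not in FUNCTION_PERMS.get(user, set()):
        return False, "no function permission"
    hits = matching_entries(user, vehicle, entries)
    denies = [e for e in hits if e.kind == DENY]
    if denies:  # assumption: prohibitive entries win over allowing ones
        return False, f"denied via {denies[0].subject} -> {denies[0].target}"
    allows = [e for e in hits if e.kind == ALLOW]
    if allows:
        return True, f"allowed via {allows[0].subject} -> {allows[0].target}"
    return False, "no object permission"  # assumption: default deny

if __name__ == "__main__":
    for user, veh in [("sales_manager", "ABC-123"), ("sales_manager", "TRK-001"),
                      ("trainee_bob", "DEF-456")]:
        print(user, veh, can_see(user, "positions", veh))
```

Two entries cover the whole sales group with one exception, and the returned reason names the group entry a decision came from.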

Scope and explanation of objects in the Permission manager

This chapter explains and describes the objects and registration units handled in the Permission manager in detail. Permissions can be assigned to the objects mentioned below.

Vehicle

This registration unit can be created in the Fleet Management's Vehicles option. It serves to register and maintain the data of the company's vehicles, and to execute administrative and registration tasks. A vehicle's data can be registered regardless of whether the vehicle has been equipped with a GPS tracker device or not. The data displayed on the tracking interfaces is provided by the GPS tracking devices, so if a vehicle is not associated with a tracking device, the tracking option is not available for it.

Device

The device is a GPS tracking device, which can be built into cars, trucks, or any other vehicle.

Rule, rulechain

Using rules and rulechains, users can learn about events that are relevant or significant to them, e.g. speeding, a sudden fuel level drop, a lost connection, etc.

Company

The “Company” is an important base element of the Fleet Management system, as a registration and organizing unit. A user can manage the data and information of several companies, but the objects (vehicles, devices, etc.) always belong to one company only.

Group

Groups can be created to organize the system's objects; users can include objects in a group according to a certain principle or quality. Groups make searching and filtering easier in those functions where it is possible to search for vehicles, devices or persons based on group membership.

Query profiles

In several functions of the application, users can save their own query configuration in so-called Query profiles, with a name and a short description. Using these profiles guarantees that the query's result will always be returned according to the same criteria.

POI - Point of interest

A point of interest, or POI, is a specific geographic location that a user may find useful or important when using the application. POIs can be tourist attractions, hotels, petrol stations, company sites, business interests, town or city details, counties, or even whole countries (Global POIs). Users can create POIs freely with respect to size and number, based on their personal needs. All map interfaces, except for Evaluation, allow users to create and manage POIs; events in connection with POIs (entering, crossing, leaving, inside, outside) can be managed using rules and rulechains.

POI group

The POI function allows users to create POI groups within POI management, and when creating a new POI on the map (NOT in menu option Groups in Fleet Management!!!). POIs can be included in POI groups according to a certain aspect or quality, either upon POI creation or when modifying their properties. The POIs included in a group can then be managed at group level.

Permission manager

Filtering and Queries

The Permission Management function is built around a filterable and sortable list, which is already familiar from other functions in the application. The list is empty by default; it is necessary to select at least one filtering aspect and to run the search. The data can be searched and displayed by the following aspects:

  • User
  • Permission type
  • The object to which the permission type applies, e.g. a vehicle
  • The legal entity, i.e. the allowing or prohibitive permission
  • The validity

After setting the search criteria, the button with the magnifier icon will run the query.

Organizing the list

The displayed list's “Name” and “Valid from” columns can be sorted in alphabetic or numeric order by clicking on the column header. One click sorts the column in increasing order, the second in decreasing order.

Permission handling

The controls in the first and last columns of the list (they appear as hyperlinks in the last column) start functions that involve the row in which they are located; the controls below the list start general functions that involve the whole list. These functions are the following:

Displaying/hiding columns

The button “Columns” below the list opens a drop-down list, from which users can select the columns they want to display by ticking the items' boxes one by one. The list follows the selection in real-time, meaning that the corresponding column disappears immediately when the user unticks a box. The drop-down list closes with the X button in the top right corner, or by clicking anywhere outside the list.

Modification/view

The button indicated with a pencil opens the permission set applying to the given row in “Wizard mode”, which we will explain in chapter “New permission entry”. Opening the permission set this way, the wizard's 3rd step will be displayed, where permission entities can be added and revoked, but users can also step further back in the process.

Inheritance viewer (complete and filtered)

The Inheritance viewer has been designed to show where the difference between the permissions column and the aggregated permissions column (the permissions inherited from other objects) comes from, that is, from which inheritance it originates. If we open the Inheritance viewer with the button located on the left, next to the pencil, every inheritance is displayed; if we open it with the hyperlink in the aggregated permissions (Summarized) column, the display shows the permissions relating to the content of the hyperlink text.

Permission copying

This function allows users to copy the complete set of permissions of the source user to the target user. The copying function opens with the “Copy permissions” button below the list. By clicking the button a new window appears, where the user selects the source user and target user(s), then the copying starts with the Copy button. This operation applies critical changes in the system, therefore the user has to confirm it in a popup window before execution.

New permission entry - Permission wizard

The permission wizard guides the user step by step by breaking the permission-setting process into logical, easy-to-follow and comprehensible steps. Each step has a brief explanatory text, and only those elements appear on the screen that are strictly necessary for the given step.

Selecting users

The users for whom we want to set identical permissions can be selected with the two-list method that is already familiar from other interfaces of the system. The list on the left shows the available users, the list on the right shows the users already selected. Several items can be selected at once in the lists (Ctrl key + click), and the selected users can be moved with the move buttons placed between the two lists. In the upper part of the screen the interface of the wizard's first step is active, but the tabs leading to the later steps are also present. The “Next” button navigates to the next step of the permission wizard, which is the selection of permission types.

Permission types

After selecting the users, we reach the wizard state where we can choose the object types for which we want to assign permissions. The top row shows the number of items set in the wizard's previous steps. Next to the icon of each selectable object type, the name of the object type and a short explanatory text are displayed to help you. Permission types are selected by clicking the icon; the selected state is clearly visible on the icon of the selected item. Another click cancels the selection. After selecting the appropriate permission types, the Next button navigates to the Assignment levels interface.

Assignment level

The wizard's next step is the selection of the assignment level (the grouping). Only those items appear on this interface that can be relevant based on the earlier permission type selection. The assignment level is selected with a click. Immediately after the click, the interface for assigning the actual permission entities appears: its upper part allows the selection of the item corresponding to the chosen assignment level, and its lower part contains the interface for selecting the allowing and prohibitive entities in the familiar two-list manner. After setting the appropriate permission entities, the setting is finalized by clicking the Save button. The wizard then returns to its “default state”, to the first step. If we want to assign further permissions to the same selected users, we only need to navigate on to the second step with the “Next” button; if we want to assign permissions to other users, we can set the range of users in the list.