Configuring and Using Access Control

OpenAir provides a Role Based Access Control (RBAC) model to set up authorization policies for users. These policies control the functionality available to users and can be set up by customers to enforce separation of duties.

Authorization includes primarily two processes:

• Permitting only certain users to access, process, alter data or perform certain actions such as approval and data export.

• Applying varying limitations on user access or actions.

Account administrators can create an unlimited number of roles and assign roles to users.

This section introduces the basic concepts and mechanisms for placing or removing such limitations on users, individually or in groups. The following levels of permission are discussed:

Note:

The links in the following list link to help topics under the Administrator Guide.

• Roles — Managing and controlling user privileges is made easier by using roles, which are named groups of related privileges that you grant as a group to users. See Roles Overview.

• Filter Sets — Filter sets define what data the employee has permission to view or update. Roles and Filter Sets may overlay to provide a feature/data matrix of capabilities for the employee. See Filter Sets Overview.

• Form Permissions — Form Permissions can be used to control specific field level access on forms for each role. See Form Permissions.

• User Settings — All users must be assigned one and only one role and at least one filter set. Privileges and access rights can also be set for users on an individual basis. See Employee Access Control Settings.

• Guest Roles and Guests — Guests are customers who are able to sign in to OpenAir and view the application data that is associated with them. See Guest Roles and Guests.