Permission Trees
Permission tree records are structured within a tree hierarchy called the permission tree. The permission tree is where permission tree records are maintained.
Permission tree records are created and used to set permission tree field values on records. The permission tree field is referenced on a record, as the Permission Tree Code, and it determines whether a user can view a record or not. So, if the Permission Tree Code on a work order is "A21", for example, and a user has been allocated a Permission Tree Code of "A21", then that user will be able to view the work order.
The permission tree checks whether a user has permissions to a certain entity in On Key. It was introduced as a filter criterion to facilitate the shortcomings on the site tree. The responsibility of permissions was thus detached from sites and given to the permission tree.
The permission tree can be structured to show a hierarchical relationship between permission tree records. You can expand and collapse parent records to view child records. It visually displays the security structure and it also assists in the management of user permissions because when a permission tree record is linked to a security role, the permissions can be applied down the permission tree.
The permission tree can be viewed in a tree structure or on a grid, by switching between "Tree" and "Grid" in the drop-down on the toolbar.
Mirror from Site Tree
The permission tree can be set up to mirror the site tree. This is configured in the system options, with the Synchronise Site Tree With Permission Tree setting.
If this setting is enabled, then a permission tree record will automatically be added to the permission tree when a site is added to the site tree. Hence, the permission tree will be a mirror of the site tree and they will remain in sync.
However, if this system option is disabled, it cannot be enabled again and the link between the site tree and the permission tree will be broken.
Refer to Defaults in the system options for more information.
Permission Tree Code Defaulting
If the Permission Tree Code is not specified on creating a new record, it will be auto-assigned, where possible. The system will assign the Permission Tree Code from the parent record. The Permission Tree Code will either default to the parent's Permission Tree Code or to the Site Code.
The sequence in which the Permission Tree Code defaulting occurs is as follows:
- Firstly, the system will copy the Site Code from the parent to the record.
- Next, if a site is specified on the record, the system will check whether the system option to Synchronise Site Tree With Permission Tree is enabled. If so, the Permission Tree Code will be assigned from the record's Site Code.
- Lastly, the record's Permission Tree Code will default to the parent's Permission Tree Code.
To change the Permission Tree Code on an entity, open the record's edit screen and click Assist > Change Permission Tree, then select a new value from the Permission Tree Code lookup.