Permissions are key to getting your asset management project up and running smoothly and efficiently, while making sure that only the right people have access to the right entities in the software. This is incredibly important and follow inventory management best practices.
Getting started
There are four main concepts that you will need to understand to properly setup permissions in Hector.
- Roles & Permissions
- Departments
- Groups
- Users
Roles & Permissions
A role contains permissions. Permissions give access to actions like viewing, creating, editing and deleting records. Some entities (like assets or loaners) have more actions available to them, like moving, reserving, printing, emailing and others. Each individual action is called a permission in the application. A permission within a role is broad and applies to all records in the application.
For example, if you have a drilling tool with a unique number like 1234, you cannot use roles and permissions to restrict access to this specific asset. It is all or nothing with roles and permissions.
To recap …
- Roles contain multiple permissions.
- Roles and permissions cannot be used with individual records.
- A role can have multiple users.
- A user can only have one role.
Departments
Departments are used to further identify a user within their organization. They can be used to specify permissions against records. This means you can use departments to lock down access to specific assets, stockrooms, customers, vendors, places, users, or contacts. Users can only belong to a single department.
Departments can be synchronized from external systems such as Active Directory or created directly in the application.
To recap …
- Departments can be used to restrict access to a record.
- Departments can be synchronized.
- A department can have multiple users.
- A user can belong to only one department.
Groups
Groups are used to add more options when segmenting users in the organization. They can be used to restrict access to records. This means you can use groups to lock down access to specific assets, stockrooms, customers, vendors, places, users, or contacts. Users can belong to more than one group.
Groups can be synchronized from external systems such as Active Directory or created directly in the application.
To recap …
- Groups can be used to restrict access to a record.
- Groups can be synchronized externally.
- A group can have multiple users.
- A user can belong to multiple groups.
Users
Users can access the application and perform transactions like creating, editing, moving or deleting records. A user’s access is restricted by their permissions which they obtain through their role, as well as their department and groups.
To recap …
- A user can login to the application.
- A user inherits their broad permissions through their role.
- A user inherits record level permissions through their department and groups.
Management versus Loaner permissions
If you do not have or use the loaner module, you can skip this section.
If you’ve made it this far in our guide, congratulations are in order! Permissions can be handful to understand when navigating any new software and we thank you for the time you’re investing in learning how they work in our asset management solution.
Now the second concept to understand applies to record level permissions. To better understand this concept, think of these permissions as being able to access a record (or not).
Management permissions will define the rules allowing access to that specific record. They can be thought of as ownership permissions. This means when you’re granting management permissions, you’re giving users the access to the record. Afterwards, their role will dictate what they can or cannot do on the record.
Below is an example of management permissions which also contains a loaner tab (which we will address later). Management permissions are always found in a tab called Permissions on the following entities :
- Assets
- Stockrooms
- Users
- Places
- Customers included in the Operations Module
- Vendors included in the Operations Module
- Contacts included in the Operations Module
Once on this page, you can setup access to the record by individual user, by group or by department, or all three. By default, these permissions are set to all.
Loaner level permissions are borrowing permissions. This means that although a user might not have permissions to access a record, they might still have permission to borrow it. In other words, when you’re granting permission at a loaner level, you’re giving users the ability to borrow assets or places from the loaner module, without ever giving them management permissions. Loaner permissions are a lot more restricted and by default only allow creating and viewing of records.
In our example, we can choose to restrict who can borrow the equipment or place. By default, both permissions are set to all.
To recap …
- Management and loaner permissions are at a record level.
- By default, they are set to everyone.
- They allow access to specific records.
- The role controls what they can do once on the record.
There you have it, you’ve made it through the roles and permissions guide in the Hector online asset management solution. If you more questions regarding permissions, please contact our sales team who will be happy to explain in detail how permissions can help your organization take control of its inventory!