Skip to main content
Skip table of contents

Rights and roles

The term "right" is used here as an equivalent to "object right". The term role is used here as an equivalent to object role.

Rights always refer to a zone, never to a single object or a single template (or library). For the sake of simplicity, we will only refer to objects in the following. A right is required to be able to perform certain actions on an object in a specific zone. For example, the user needs a right to be able to enter transactions for holders in a specific zone.

As with system rights, the same applies to object rights: Object rights are not assigned directly to a user. Instead, the rights are combined in one role.

In contrast to the system rights, the object rights are not assigned directly to the user. Instead, an object role is assigned to a user in a specific zone. It is also possible for a user to perform different roles in different zones.

Hinweis zum Leserecht

The right to read is a special right. It is never explicitly mentioned. In fact, by assigning a role to a specific zone, a user implicitly always receives read permission for this zone. If a user should only have read-only access to this zone, a role can simply be used that does not contain any rights.

Example

In this example, you can see the simplified interaction of users, object zones, roles and the rights assigned to the roles. "User 1" is assigned to "Role 1" and "OZ 1". In the example, he receives "Right 1" and "Right 2" at "OZ 1" via "Role 1". "User 2" has "Right 1" to "OZ 1" via the "Role 2" assigned to him. In the object zone "OZ 2", on the other hand, he assumes "role 3" and therefore has the rights "right 2" and "right 3" in this zone.

Hierarchical arrangement of object rights

Certain rights make it necessary for the role to contain another right. This applies to both object and system rights. You can find an example in the section System rights and system roles .

Sub-rolls

Object roles can be linked in the same way as system roles. This means that one role is subordinate to another role. As a result, all rights of the subordinate role are transferred to the superordinate role. A role can also combine several roles.

A complete list of all (object) rights can be found in the section Object rights.

Theoretically, all object rights can be assigned to an object role. However, it should be noted that certain object rights do not make sense in some contexts. This means that only certain rights are required if a user is connected to the zone of a certain type via a role.

Example: The "Create transactions of a securities account object" right is irrelevant if the role is only connected to a template zone.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close