This guide is intended to give you a firm understanding of TimeRepo's design and thought process regarding access control and to help you set up roles for your organization.
Access Control Philosophy
Given the nature of the information that is stored on TimeRepo, we are wary of the consequences of giving unauthorized users access to certain data, which is why we apply the Principle of Least Privilege everywhere we see fit.
Access Control Paradigm
The paradigm we use for access control in TimeRepo is a role-based paradigm. This paradigm is meant to mimic the shared responsibilities of employees within an organization.
To elaborate, a role-based paradigm means that organizations within TimeRepo create roles and assign them to their users. Multiple users can be assigned to the same role, similar to how a company is structured.
Create A Role
In order to create a role, you will need to be the owner of your organization or have a role assigned to you with the Administrate Roles permission.
Admin Menu > Manage Roles
Toggle on all of the different permissions you would like your new role to have.
Now that you've successfully created a role, you can assign it to any one of your employees. If you're not logged in as the owner, make sure you have the Administrate Roles permission or the Change Users Role permission.
Admin Menu > Assign Roles