Access Control Guide


Johny Georges
Last Updated: 8 months ago

Introduction


This guide is intended to help you get a firm understanding of TimeRepo's design and thought process regarding access control and to help you setup roles for your organization.

 

 


 

 

Access Control Philosophy


Given the nature of the information that is stored on TimeRepo, we are wary of the consequences of providing access to certain data to unauthorized users which is why we focus on applying the Principle Of Least Privilege everywhere we see fit.

 Access Control Paradigm


The paradigm we use for access control in TimeRepo is a role-based paradigm. This paradigm is meant to mimic the shared responsibilities of employees within an organization.

To elaborate, a role-based paradigm means that organizations within TimeRepo create and assign roles to their users. Multiple users can be assigned to the same role similar to how a company is structured.

 

 


 

 

Create A Role


In order to create a role, you will need to be the owner of your organization or have a role assigned to you with the Administrate Roles permission.

Navigate to
Admin Menu > Manage Roles

Every organization has a default role. A default role is assigned to any newly added users to your organization.

Toggle on all of the different permissions you would like your new role to have.

Assign Role

Now that you've successfully created a role, you can assign it to any one of your employees. If you're not logged in as the owner, make sure you have the Administrate Roles permission or the Change Users Role permission

Navigate to,
Admin Menu > Assign Roles


Was this article helpful?