The permission system in N365 is complex. Privileges can be derived from many sources, so you should carefully design a privilege matrix for your application.
Application
There are no privileges for an application. You can only designate the application administrator. Such a person can read all documents in the application, add new documents and delete old ones. Furthermore, the administrator can also modify the application by changing forms, lists, processes, etc. You can set the administrator in the general settings of each application, at the bottom of the screen.
A regular user can get access to the application via permission to a single document or form. Having the privilege to add a new document is enough to see the application, but if you do not have permission to read any documents, the application will be empty.
Form permission
When configuring the form, you can set permissions in the Permissions tab for every document created on this form.
Add permissions – add users or groups of users who can add the documents,
Full control permissions – add users or groups of users who can modify and delete the document,
Edit permissions – users and groups of users who can modify the document,
Read permissions – users and groups of users who can access the document in read-only mode.
You can also configure privileges for the creator of the document. For example, you can give read permission to everyone and full access to the creator.
Permission to menu elements in the application
You can restrict the visibility of a menu element to selected users or groups. To do so, select the Restrict permissions checkbox and add the users or groups who should be able to view this element. Checking Inherit permissions makes the element inherit view permissions from its parent menu element. If the parent menu element does not have any defined permissions, the child menu element remains visible.
Document permission
Each document inherits permissions from the application and the form. You can check them on the Permissions tab. But remember: if a user is an application administrator, he can read the document but is NOT listed on the Permissions tab.
Using this tab, you can change the permissions on a specific document by adding or removing privileges. You can remove privileges derived from the form, but you cannot remove application privileges.
Process permission
There is a special kind of permission: permission derived from the process. When you are an actor in the process, you must be able to edit and save the document. Therefore, by default, when you do something in the process (you are one of the process actors), the system gives you permission. When your step in the process is over, the system does not take away your privileges but changes them to read-only, so you can still read the document but can no longer change it.
Note that if you are an actor in the process but the process path bypasses you (for example, the executor of the step is anyone from the department and your colleague did the work, so he gains the permission), you do not gain permission.
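The sketch below is an added example, not N365 code or its API. It shows how the sources described so far (application administrator, form, document, process) combine into one user's effective rights on a document, and which access the Permissions tab will not show. All names and the data layout are assumptions, as is read access being part of Edit and Full control; groups are left out.

```python
# Toy model of the permission sources described above. Not N365 code or its API;
# all names and the data layout are assumptions. Groups are left out, and read
# access being part of Edit and Full control is an assumption.
READ, MODIFY, DELETE = "read", "modify", "delete"
LEVELS = {"read": {READ}, "edit": {READ, MODIFY}, "full": {READ, MODIFY, DELETE}}

def effective(user, app, form, doc):
    """Return {source: rights} for one user on one document."""
    out = {}
    # Application administrator: reads and deletes every document. This cannot be
    # removed on the document and is not shown on its Permissions tab.
    if user == app["admin"]:
        out["application"] = {READ, DELETE}
    # Form-derived rights (explicit grant, creator setting), unless they were
    # removed on this document.
    form_rights = set(LEVELS.get(form["grants"].get(user), ()))
    if user == doc["creator"]:
        form_rights |= LEVELS.get(form.get("creator_level"), set())
    if form_rights and user not in doc["removed_form_grants"]:
        out["form"] = form_rights
    # Rights added directly on the document.
    if user in doc["added"]:
        out["document"] = set(LEVELS[doc["added"][user]])
    # Process: the current actor can edit; an actor whose step is over keeps
    # read-only. An assignee the path bypassed is in neither list.
    if user == doc["current_actor"]:
        out["process"] = {READ, MODIFY}
    elif user in doc["past_actors"]:
        out["process"] = {READ}
    return out

def rights(user, app, form, doc):
    """Union of the rights from every source."""
    return set().union(*effective(user, app, form, doc).values())

def unlisted_access(users, app, form, doc):
    """Users whose only source is the application (absent from the tab)."""
    return [u for u in users if set(effective(u, app, form, doc)) == {"application"}]

# Constructed sample data.
APP = {"admin": "alice"}
FORM = {"grants": {"bob": "edit", "carol": "read"}, "creator_level": "full"}
DOC = {"creator": "dave", "removed_form_grants": {"carol"}, "added": {"erin": "read"},
       "current_actor": "frank", "past_actors": ["grace"]}
USERS = ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"]

if __name__ == "__main__":
    for u in USERS:
        print(f"{u:6} {sorted(rights(u, APP, FORM, DOC))} via {sorted(effective(u, APP, FORM, DOC))}")
    print("not on Permissions tab:", unlisted_access(USERS, APP, FORM, DOC))
```

When reviewing who can reach a document, check the application administrator setting as well as the document's Permissions tab, because the tab alone will not show the administrator.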
Changing permission
Besides changing permissions by hand, as described above, the system lets you change them with a system action. You can configure the process so that privileges are changed as the document moves along the path. A detailed description of this action can be found in another article.
Managing access to data on the form
When the standard permission system is not sufficient, e.g. you need to show the document to the user but some of the data should be hidden, you can use the Visibility option to control access to data. You can find a detailed description of this feature in another article. Note that you will have to use an SQL statement to configure this function properly.
Permissions between system elements
Other applications in the system can access certain system elements, such as forms and lists. To configure those permissions, set Element accessibility in the General tab (Lists) or in the Settings tab (Forms). The Element accessibility options are:
Private – Element can be accessed only from this application
Public – Element can be accessed from any application
Shared with applications – Element can be accessed from certain applications added here.