Effective Rights in IGEL UMS
The effective rights of a user in the IGEL UMS are the result of:
General rights, which can be granted/denied through permissions to a user directly or indirectly through group membership, see General Administrator Rights in IGEL UMS.
Access rights to objects in the structure tree, see Object-Related Access Rights.
Access rights to the nodes within the UMS Administration area of the UMS Console, see Access Rights in the Administration Area.
Since the same permission settings are used for individual administrators and groups, the description of the configuration of rights applies equally to administrators and groups.
Permission Precedence
The indirect rights given to an administrator on the basis of their group membership can be changed further for each administrator in the group, keeping the following in mind:
Permissions that were granted directly have precedence over those granted indirectly.
The withdrawal of permissions always overrides the granting of permissions.
Examples
The precedence of the Deny permission over the Allow permission means:
If an administrator is a member of several groups whose permissions contradict each other, the Deny permission overrules the Allow permissions from the other groups. Likewise, even if the permission is granted to an administrator directly, a Deny set via a group still denies it.
If a prohibition is issued for an object in the structure tree or a node in the UMS Administration area, it applies to all subobjects/subnodes and cannot be withdrawn directly for these subobjects/subnodes.
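The precedence rules above, modelled as a small resolver that also reports which setting decided the result. This is an added example, not IGEL code or the UMS's own implementation: the Entry layout, the names, the paths and the "Write" right are constructed, and it assumes that Allow is inherited down the tree like Deny and that nothing is granted when no permission is set.

```python
from dataclasses import dataclass

ALLOW, DENY = "Allow", "Deny"

@dataclass(frozen=True)
class Entry:
    principal: str  # administrator or group name
    node: str       # object in the structure tree, written as a path
    right: str
    setting: str    # ALLOW or DENY

def path_to(node):
    """'/Devices/Berlin' -> ['/Devices', '/Devices/Berlin'] (ancestors, then self)."""
    parts = [p for p in node.split("/") if p]
    return ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def source(entry, admin):
    return "direct" if entry.principal == admin else f"group {entry.principal}"

def effective(entries, admin, groups, node, right):
    """Return (granted, reason) for one administrator, object and right."""
    chain, who = path_to(node), {admin, *groups}
    hits = [e for e in entries
            if e.principal in who and e.right == right and e.node in chain]
    denies = [e for e in hits if e.setting == DENY]
    if denies:
        # Deny overrides Allow whether it is direct, via a group, or set on a
        # parent object; report the Deny set highest in the tree.
        d = min(denies, key=lambda e: len(e.node))
        return False, f"Deny ({source(d, admin)}) at {d.node}"
    allows = [e for e in hits if e.setting == ALLOW]
    if allows:
        # With no Deny in play, prefer reporting a direct grant over a group one.
        a = next((e for e in allows if e.principal == admin), allows[0])
        return True, f"Allow ({source(a, admin)}) at {a.node}"
    return False, "no permission set"  # assumption: nothing set means not granted

# Constructed sample data: names, paths and the "Write" right are illustrative.
ENTRIES = [
    Entry("helpdesk", "/Devices", "Write", ALLOW),
    Entry("contractors", "/Devices/Berlin", "Write", DENY),
    Entry("alice", "/Devices/Berlin/Lab", "Write", ALLOW),
]

if __name__ == "__main__":
    for node in ("/Devices/Berlin/Lab", "/Devices/Munich"):
        print(node, effective(ENTRIES, "alice", ["helpdesk", "contractors"],
                              node, "Write"))
```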