SDL BaccS provides flexible system to control access to a data stored in your database.

This security system allows to create roles and assign those roles to users. Roles specify a set of rules which allow or restrict access to a specified data. It is possible to control access right on the level of individual forms and fields. If access is restricted to some form, it will be hidden from the UI. If access is restricted for some field, than a user with that role will see 'Protected content' label instead of actual data contained in that field.

The whole security system is controlled via two main forms available through the Other/tools section of the navigation tree: Role and User.

User form allows to simply create, edit and delete users, assign roles and set passwords. It also contains some notification settings and allows to link user logins with particular contractors and customers.

To create a new user, click New button on the ribbon. To edit existing user, simply double click on it.

Change my password and Reset password buttons allow to set a new password, if it is empty, or reset existing password (admins only).

For newly created users, you may check Change password on first logon checkbox to force users to create a new password when application will be launched for the first time.

Is active checkbox allows to temporary disable current user (without deleting it).

E-mail field allows to provide an e-mail used for sending messages to this user.

If you are creating a user for Contractor, to allow this contractor to login into web-portal, select this contractor in the Associated contractor field.

If you are creating a user for Customer, to allow this customer to login into web-portal, select this customer in the Associated customer field.

Note. When a user has associated contractor or customer, you can click Send login details to compose a message with information how to login into the portal.

On the Notifications tab you can setup internal notifications sent to a user. If you select Receive notifications checkbox, this user will get notifications about actions are performed by Contractors or Customers. Examples of such actions: contractor partially of fully delivers a job, contractor registers an invoice, customer creates a new job. By default, this checkbox is set for Admin user. But if you also wish your managers to get similar notifications, check this box for respective users too.

Notification method field allows to select a channel to send messages to a user. Possible values are In-application (messages will be sent using internal notifications mechanism), E-mail (messages will be sent to an e-mail address specified in the E-mail field), or Both.

If you wish a user to receive notifications about actions performed only by specified users, add them to the table below checkbox. If this table is empty, a user will receive all notifications. Otherwise, a user will receive notifications only from listed users.

To assign roles, use Roles table. Using default controls, add roles which currently edited belongs to. The Is administrative option is intended to simplify the unrestricted access definition and grants all available permissions to a role. If a role is administrative, it is impossible to deny any rights unless the administrative permission was removed. Can edit model checkbox specifies if current role has access to the Model editor.