User Rights
Rights are individual privileges that consist of a specific right action (i.e., the ability to perform a specific function).
In order to perform certain tasks in Odyssey, users need to have the appropriate rights for that task. A user’s rights determine
which areas of the system he or she can access, which options are displayed on a page or dialog box, and what kind of information
the user can modify or view.
All the rights that can be assigned to a user are system-defined. New rights cannot be created; however, the system administrator
is responsible for determining which rights should be given to each user.
A collection of rights is called a right group. A group may have one or numerous right actions, which are individual actions
such as view, modify, add, or delete that are associated with a right group. Right types are collections of associated right
groups. These are displayed as different tabs on the role dialog box.
Rights can be explicitly granted or denied. The explicit grant option (
) specifically grants a user the right to perform a task at a specific location. The explicit deny option (
) specifically denies a user the right to perform a task at a specific location. If a user is assigned roles that both explicitly
grant and explicitly deny the same right, the explicit deny overrides an explicit grant for that right.
) specifically grants a user the right to perform a task at a specific location. The explicit deny option () specifically denies a user the right to perform a task at a specific location. If a user is assigned roles that both explicitly
grant and explicitly deny the same right, the explicit deny overrides an explicit grant for that right.
Rights cannot be individually assigned to users. Instead, rights are assigned to roles and these roles are then assigned to users.
Using Inherited Rights
Odyssey is set up like an organizational chart with different levels (i.e., locations). Rights that are assigned to a user
at a certain location are inherited down to lower locations in the organizational structure. In other words, if a user has
the right to perform a task at a certain location, he or she also has the right to perform the task at any lower locations
in the structure.
Rights may be assigned with an inherited grant. This option means the right to perform a task that is inherited from a higher
location in the organizational structure. It can be overridden by an explicit deny. An inherited deny means a user is denied
the right to perform a task at a higher location in the organizational structure.
Rights Terminology
The following list contains common terminology when discussing rights in Odyssey.
| Term | Description |
|---|---|
| Rights | Individual privileges that consist of a specific right action (i.e., the ability to perform a specific function). |
| Right Groups | A collection of rights; a group may have one or numerous right actions. |
| Right Actions | Individual actions such as view, modify, add, or delete that are associated with a right group. |
| Right Group Description | A text description that explains what happens when a right is assigned to a user in a particular group. |
| Right Categories | An attribute used to categorize right groups on a page. |
| Right Types | Collections of associated right groups. |
| Explicit Grant | Specifically granting a user the right to perform a task at a specific location; can be overridden by an explicit deny. |
| Explicit Deny | Specifically denying a user the right to perform a task at a specific location; can override an explicit grant. |
| Inherited Grant | Right to perform a task that is inherited from a higher location in the organizational structure; can be overridden by an explicit deny. |
| Inherited Deny | A user is denied the right to perform a task at a higher location in the organizational structure |