The key unit of the System is a user group(see chapter 6). Its main purpose is to unite different users of the System into a single structure for processing data within the framework of rules regulating the order and conditions for users' access to entity groups .
Provisions on user roles
Below are the basics that are to be followed when you create a user group tree and assign user roles:
- Each user must be assigned to a user group.
- All user groups are organized into a multi-level hierarchy, called a "tree". At the very top of the tree is a root group.
- The role assigned to a user determines his/her permissions in the System. Role permissions cannot be changed.
- None of the System's roles provide full access to all System settings, functions, and resources.
- One user can be assigned to different user groups and have different roles in them. In this case, the user will have access to the resources of the groups he belongs to.
- Each user can have only one role in a user group.
- Permissions of a user assigned to a particular user group are propagated hierarchically to all subordinate (nested) user groups.
- Users belonging to the root group have access to all System resources.
- A user can have individually assigned resources (cameras, lists of persons, number plates lists, etc.) regardless of the hierarchical position of his/her user group.
- Individually assigned resources (cameras, lists of persons, number plates lists, etc.) are view-only.
- No user can remove himself/herself from a user group and, therefore, from the System.
- No user can change his role in a user group or assign resources to himself.
- The system manager is present in the root group only. The settings made by him are valid for the entire System and all users.
- Only the System manager can assign, edit or delete the profile of another System manager.
- A single System manager and the root group cannot be deleted from the System.
- A System manager can add any user to any group and change the role of any user (see the restrictions in p. 18).
- Only the System manager can assign, delete or edit the Camera manager profile.
- A Camera manager can only appear in the root group.
- If a user belongs to only one user group, he/she will be deleted from the System, if he/she is removed from this group. If necessary, a user with the same email can be added to the System again.
- To delete a user group, it must be empty. This means that all assigned resources, as well as all users, are to be deleted from the group. Only then it is allowed to delete a user group.