Object Access Permissions
The object access permissions
Permissions in Loftware associated with a specific object or with a folder that control what actions can be performed on that object or on objects within that folder. Each object has default permissions that can be overridden by exceptions for a specific group or user. A user must have both a role-based permission and the corresponding object access permission to perform an action on an object. that a user is granted or denied in Access Control
Important: Access in Loftware Enterprise SP requires both role-based permissions Permissions that are assigned to a role and inherited by users who are members of a group to which that role is assigned or by users to whom the role is directly assigned. A user must have both a role-based permission and the corresponding object access permission to perform an action on an object. and object access permissions Permissions in Loftware associated with a specific object or with a folder that control what actions can be performed on that object or on objects within that folder. Each object has default permissions that can be overridden by exceptions for a specific group or user. A user must have both a role-based permission and the corresponding object access permission to perform an action on an object.. For a user to be able to perform an action on an object, the user must directly or indirectly be assigned a role that grants permission to perform that action on that type of object. Additionally, that particular object must either be in a folder that directly or indirectly grants the user access permission to perform that action on that type of object or else that particular object must directly or indirectly grant permission to the user to perform that action. There are several permissions that are only role-based or only object-based and do not require a corresponding permission. Examples include List permission for Folders and all permissions for Model Status (Auto Refresh), Tag Categories, and Devices.
In Loftware Enterprise SP, object access permissions are specific to a type of object. For example, instead of a generic Create permission, there is a separate Create permission for each type of object, such as Create permission for Folders, Create permission for Users, Create permission for Documents, and Create permission for Data Services. Users assigned particular role may be granted Create permission for Documents, but denied Create permission for Integrations.
Permissions
The following permissions exist in Loftware Enterprise SP. All of these permissions can be configured for a folder and inherited by objects within the folder. Alternatively, the permissions that are relevant to a specific object can be configured for that object.
|
Permission |
Description |
|---|---|
|
Read |
The permission to see an object. Note: When configuring a user, it is recommended that you grant Read permission for Users to all users so that the user name of the user can be displayed to other users where appropriate in Loftware Enterprise SP. |
|
Write |
The permission to save changes to an object. Tip: Users who promote or import label templates, applications, business rules, forms, images, layer objects, layouts, reusable objects, or workflow templates should have Create permission for Documents and Write permission for Documents on the destination server. Likewise, users who promote or import other types of objects should have Create permission and Write Permission for the relevant object types. Create permission is required for promoting or importing into a folder where an object of the same name does not exist. Write permission is required for promoting or importing into a folder where an object of the same name already exists. |
|
Create |
The permission to add an object. Tip: Users who promote or import label templates, applications, business rules, forms, images, layer objects, layouts, reusable objects, or workflow templates should have Create permission for Documents and Write permission for Documents on the destination server. Likewise, users who promote or import other types of objects should have Create permission and Write Permission for the relevant object types. Create permission is required for promoting or importing into a folder where an object of the same name does not exist. Write permission is required for promoting or importing into a folder where an object of the same name already exists. |
|
Delete |
The permission to remove an object. |
|
Admin |
The permission to use the Default Permissions, Group Permissions, and User Permissions panels for the object. For roles, this permission allows you to grant permissions. Note: To take control of a version-controlled object that is checked out by another user so that you can make changes or check it in, Admin and Read permissions for Documents are required. |
| List | The permission to see the name of an object in a list. Available only for Folders. This permission does not require a corresponding role-based permission. |
|
|
The permission to print using an object such as a label template or print to a device. If version control is used, this permission allows you to print using the latest published version Note: To create a print job, Read and Create permissions for Jobs are also required. Note: To use Print Preview, a user should have a role with Print permission for Documents, have Print permission for Documents for folders containing label templates and images to be previewed, and have Allow Print Preview selected in Preferences |
|
Design Print |
The permission to print sample labels from Label Design |
|
Publish |
The permission to transition a version-controlled object to the next major version and reset the minor version to zero, creating a published version Note: Publish permissions are available only for a folder or a version-controlled object. |
|
Reprint |
The permission to reprint an object such as a label template or job, or to reprint to a device. If version control is used, this permission allows you to reprint any published version |
|
Queue |
The permission to see and change a device queue. Available only for device groups. |
Types of Objects
Permissions for the following types of objects can be configured at the folder level and inherited by all objects in the folder. Although configuring object access permissions at the folder level is recommended, you can also configure object access permissions for a specific object.
|
Object |
Description |
Permissions Available |
|---|---|---|
| Folders |
Containers used to organize objects. |
Read Write Create Delete Admin List |
| Users |
People accessing the Loftware Enterprise SP environment. Note: When configuring a user, it is recommended that you grant Read permission for Users to all users so that the user name of the user can be displayed to other users where appropriate in Loftware Enterprise SP. |
Read Write Create Delete Admin |
| Groups |
Collections of users. |
Read Write Create Delete Admin |
| Roles |
Collections of permissions that can be associated with users or groups. |
Read Write Delete Admin |
| Documents |
Objects such as label templates, applications, business rules, forms, images, layer objects, layouts, reusable objects, or workflow templates. Note: Publish permissions are available only for a folder or a version-controlled object. Tip: For the Images folder and the Reusable Objects folder, Designers must have Read permission for Documents so that they can view and use images and reusable objects. Tip: Users who promote or import label templates, applications, business rules, forms, images, layer objects, layouts, reusable objects, or workflow templates should have Create permission for Documents and Write permission for Documents on the destination server. Likewise, users who promote or import other types of objects should have Create permission and Write Permission for the relevant object types. Create permission is required for promoting or importing into a folder where an object of the same name does not exist. Write permission is required for promoting or importing into a folder where an object of the same name already exists. |
Read Write Create Delete Admin Design Print Publish Reprint |
|
Field Data Catalogs |
A predefined set of field names with associated parameters that can be added to a label template, layer object, or reusable object to streamline the design process and validate field compliance. |
Read Write Create Delete Admin Publish |
| Device Groups |
Collections of connections to one or more physical devices. Note: A device group can contain only one device connection. |
Read Write Create Delete Admin Design Print Reprint Queue |
| Servers |
A Loftware Application Server in a Loftware Enterprise SP environment configured to use distributed services. A server contains a server process, also called a JVM process. Important! In an environment with distributed services, to permit a user to perform administrative tasks related to services you must assign Read and Write permissions for Servers. These permissions must be assigned for each server in Access Control |
Read Write Create Delete Admin |
| JVM Processes |
The server processes associated with a Loftware Application Server in a Loftware Enterprise SP environment configured to use distributed services. A server can contain a server process. Each server process inherits the permissions of the server that is its parent. |
Read Write Delete Admin |
| Jobs |
The data sent to a device. Note: A single process contains a single job. For Data Providers |
Read Write Create Delete Admin Design Print Reprint |
| Processes |
Collections of label templates, layouts, devices, and jobs. Note: A single process contains a single job. For Data Providers, you must assign the Read and Print permissions for Processes. Note: Publish permissions are available only for a folder or a version-controlled object. |
Read Write Create Delete Admin Design Print Publish |
| Integrations |
Connectivity bridges between Loftware Enterprise SP and other applications. An integration enables an administrator to route print requests initiated by users in another application through Loftware Enterprise SP to be processed. |
Read Write Create Delete Admin |
| Data Services |
Connections to databases that can be used to retrieve data from databases. Note: To use a data service when designing a label or to print a label that includes a Database data source, a user must have a role that provides Read and Print permissions for Data Services for the data service. Note: Publish permissions are available only for a folder or a version-controlled object. |
Read Write Create Delete Admin Design Print Publish |
| User Profiles |
Collections of preferences, typically controlling what is initially displayed to a user on various pages in Loftware Enterprise SP. |
Read Write Create Delete Admin |
| Remote Sites |
Connections to computers that have access to devices that are not directly accessible by a Loftware Application Server. |
Read Write Create Delete Admin |
| Facilities |
Connections to and configuration for Loftware Enterprise SP installations that are managed by a headquarters. Each facility is associated with a Loftware Enterprise SP license for which Usage is set to Facility. Note: Facilities and other functionality related to multi-site deployment are available only if your Loftware Enterprise SP license has the Multi-Site property enabled. Some options are displayed only if you are signed in to the headquarters site. |
Read Write Create Delete Admin |