Troubleshoot Access Control (Permissions)

For an overview of critical concepts in access control for Loftware Enterprise™ SP, see Controlling Access in Loftware Enterprise SP.

Important: Access in Loftware Enterprise SP requires both role-based permissions Permissions that are assigned to a role and inherited by users who are members of a group to which that role is assigned or by users to whom the role is directly assigned. A user must have both a role-based permission and the corresponding object access permission to perform an action on an object. and object access permissions Permissions in Loftware associated with a specific object or with a folder that control what actions can be performed on that object or on objects within that folder. Each object has default permissions that can be overridden by exceptions for a specific group or user. A user must have both a role-based permission and the corresponding object access permission to perform an action on an object.. For a user to be able to perform an action on an object, the user must directly or indirectly be assigned a role that grants permission to perform that action on that type of object. Additionally, that particular object must either be in a folder that directly or indirectly grants the user access permission to perform that action on that type of object or else that particular object must directly or indirectly grant permission to the user to perform that action. There are several permissions that are only role-based or only object-based and do not require a corresponding permission. Examples include List permission for Folders and all permissions for Model Status (Auto Refresh), Tag Categories, and Devices.

Symptom	Resolution
Users cannot see, open, or select a label template, folder, user, or other object.	See Controlling Access in Loftware Enterprise SP. In particular, review the flowchart in "Order of evaluation limits inheritance" in the "Access Concepts in Loftware Enterprise SP" section.
Users cannot print using a label template or process.	To print, a user requires Read, Create, and Print permissions for Documents. Both role-based permissions and object access permissions are required. For more information, see Controlling Access in Loftware Enterprise SP. Review the flowchart in "Order of evaluation limits inheritance" in the "Access Concepts in Loftware Enterprise SP" section.
Users cannot see a device queue for a device.	To see or change a device queue, a user requires Read and Queue permissions for Device Groups. For more information, see Configuring Device Access.
Permissions for a user are not displayed where expected.	Although a user inherits the roles of a group in which the user has membership, those roles are displayed only on the Roles tab for the group, not on the Roles tab for the user or the Users tab for the role. As a best practice, it is recommended that you configure permissions for roles, assign roles to groups, and add users to groups.
The Reprint feature or role-based Reprint permissions are not displayed.	By default, role-based Reprint permissions are provided to the SuperAdmin, SystemAdmin, and ClientAdmin users and the LOCAL_ADMIN role, but are not included in any other built-in roles such as DOCUMENT_DESIGNER or DOCUMENT_PRINTER. If users should be able to use the reprint feature, then the SuperAdmin, SystemAdmin, or ClientAdmin user or a user with the ROLE_ADMINISTRATOR role can assign Reprint permissions to other roles.
Where a user name should be displayed, User - Access Denied is displayed instead.	For each user, you must grant Read permission for Users so that the user name can be displayed to other users where appropriate, such as in Status.
In Print , the Preview button is not displayed to some users.	To use Print Preview, a user should have a role with Print permission for Documents, have Print permission for Documents for folders containing label templates and images to be previewed, and have Allow Print Preview selected in Preferences .
A Security service not available message is displayed.	See Troubleshoot General Issues.
Users are unable to sign in to Loftware Enterprise SP.	If a Security service not available message is displayed, see Troubleshoot General Issues. If using LDAP authentication, see Troubleshoot LDAP Authentication.