Operations
When permissions for a role is given to a display opr dashboard in MOPS 4.0, it is done using named operations such as ‘Read & Write’ or ‘Full Control’. Selecting one of these operations assigns a set of basic permissions. The list of available basic permissions, is listed in the table below.
From version 2.1.12 of MOPS, permissions are inherited in the directory and do not need to be set on all items in the directory. See Permission> Inheritance
| Basic Permission | Description |
|---|---|
| List | A user may see the item in lists and can see only basic details such as name, description, owner, etc. This permission exists to allow a user to see that items exists and request access to them from the owner or system administrator. |
| Read | Right to read the data of an item/entity. |
| Write | Right to update the data or settings of an existing item/entity. |
| Execute | Right to execute the function associated with an item. For an Alert this give rights to operate it (Escalate, Deactivate, …). |
| Create | Right to create child items under this item. |
| Grant | Right to administer permissions of this item. |
| Delete | Right to delete this object. |
The user interface provide the following operations for selecting a set of the above basic permissions:
| Operation Name | Associated Basic Permissions |
|---|---|
| Full Control | List, Read, Write, Execute, Create, Grant, Delete |
| Read | List, Read |
| Read & Write | List, Read, Write |
| Execute | List, Read, Execute |
| Grant | List, Read, Grant |
| Delete | List, Delete |
Permission Inheritance
The directory utilizes permission inheritance after installing MOPS 4.0 where the enterprise node has read, create and execute permissions for the User role. Site nodes inherit these and so will every entity below them unless inheritance is disabled for an entity. This also means that all roles that inherit from the user role have these permissions.
Example of a directory tree listing permissions:
| Directory node | Permissions |
|---|---|
| Enterprise | User has Read, Create & Execute. |
| ⠀⠀Mill A | ser has Read, Create & Execute inherited. |
| ⠀⠀⠀⠀Overview Dashboards | User has Read, Create & Execute inherited. |
| ⠀⠀⠀⠀Process Displays | Inheritance disabled, User has Read & Execute added. Operator has Read & Execute as Operator is based on User |
| Designer has Read & Execute as Designer is based on User. Designer has Create & Delete added. | |
| ⠀⠀Mill B | User has Read, Create & Execute inherited. |
| ⠀⠀⠀⠀Trends | User has Read, Create & Execute inherited. Operator has Delete added. Designer has Delete added. |
In this example, the system was installed with an enterprise node Enterprise and two sites under
it called Mill A and Mill B.
An administrator added the folders Overview Dashboards and Process Displays under Mill A, they
will inherit Read, Create & Execute permissions for User role. This means that most other
roles, which in a standard installation also will inherit this, such as Designer and Operator.
Process Displays has inheritance disabled, so the inheritance of Read, Create & Execute
permissions for User role no longer applies. Instead, this folder is given Read & Execute
permissions for User, so that they cannot create anything in this folder. Designer and
Operator roles also have these roles as they inherit the permissions given to User. Operator
has Read & Execute added. Designer has Create & Delete added.
The folder Trends under Mill B has inherited Read, Create & Execute from it’s parent Mill
B. Operator has Create & Delete added. Designer has Create & Delete added.
Who can access what in this directory example? below is a table of all permissions:
| Node | Role | Inherited Permissions | Added Permissions | All Permissions |
|---|---|---|---|---|
| Enterprise | User | N/A | Read, Create, Execute | Read, Create, Execute |
| Mill A | User | Read, Create, Execute | Read, Create, Execute | |
| Overview Dashboards | User | Read, Create, Execute | Read, Create, Execute | |
| Process Displays | User | Read, Execute | Read, Execute | |
| Process Displays | Operator | Read, Execute | Read, Execute | |
| Process Displays | Designer | Read, Execute | Create, Delete | Read, Execute, Create, Delete |
| Mill B | User | Read, Create, Execute | Read, Create, Execute | |
| Trends | User | Read, Create, Execute | Read, Create, Execute | |
| Trends | Operator | Read, Create, Execute | Delete | Read, Create, Execute, Delete |
| Trends | Designer | Read, Create, Execute | Delete | Read, Create, Execute, Delete |