Access rights: Standard permission system and Advanced permission system

In preeco | data protection and preeco | information security you can choose between two different permission systems (Settings > User groups and permission system).

Standard permission system

In the standard permission system, no checking of access rights takes place for organizational units of the type "department" but only for "companies".

Likewise, in the standard permission system documents cannot be assigned to multiple companies. The standard permission system is suitable for smaller and medium-sized organizations that want to handle access rights pragmatically rather than formally.

Advanced permission system

The advanced permission system checks the affiliation for all types of organizational units (companies, divisions and departments) and enables the affiliation of documents to any number of organizational units.

Examples:

User ABC belongs to Example GmbH and the subordinate departments "Human Resources" and "Finance". A processing activity is assigned to Example GmbH and the department "Human Resources".

In both the standard permission system and the advanced permission system, User ABC can therefore read and also edit the processing activities.

However, if the processing activity were assigned to Example GmbH and the departments "Human Resources" and "IT", then User ABC could still read and edit the document in the standard permission system (because there is no checking of department affiliation), but in the advanced permission system User ABC could only read the processing activity but not edit it.

The rule of thumb applies (in the advanced permission system): In order to read a document, a user must belong to at least one of the document's organizational units, but in order to edit it, a user must belong to at least all of the organizational units to which the document also belongs.

User ABC would not be able to see at all a document that was assigned to another company.

You can also recognize the distinction of organizational units into the types "company", "department" and "division" by the symbols.

The house symbol shows companies

The symbol with the three circles shows the divisions

Shows the departments

Notes on the "All" toggle in the advanced permission system

If I assign a document to a division "Finance" and then switch on the All toggle, then the document also belongs to future new organizational units below the "Finance" division. If you want the document to belong only to the "Finance" division, then activate only the checkbox before the label "Finance" but not the "All" toggle.