Permissions
General information
The permissions of a user group define the scope within which the users of the group are allowed to move within the application. Within the permissions, a distinction is made between functions and contents.
Permissions can only be customized for custom user groups. For the konfipay standard groups, these permissions are unchangeable.
Functions
The functions of a user group represent which program functions within konfipay the user gets access to.
Assignment of the function permissions
Functions are divided into logical areas (e.g. bank accounts, account transactions, PayPal accounts, etc.). These contain sub-items that define the access within the area. A set check mark means that the permission to a function is given. If the check mark is not set, the users of the group cannot access the function.
Users of this group can only see bank accounts, but not enter, edit or delete them
Combinations of permissions
Access to some areas and functions of the application requires a combination of permissions for different functions:
Example | Necessary permissions |
|---|---|
Enter SEPA Credit Transfer |
|
Enter EBICS contact |
|
View account transactions |
|
Access to a locked function
All functions to which the users of a group does not have access are still displayed for the user and can still be selected via the menu. If a locked function is accessed, the user will receive a corresponding message indicating which permissions are required for access.
Message when accessing a locked function
Contents
With content restrictions, the permissions of user groups or their members can be defined on data level. On the basis of certain rules, content can be hidden throughout the application for the members of a user group.
There are two criteria based on which content is hidden:
Bank accounts
Payment methods
Restrictions on content thus define filters which hide all data to which the users of a group do not have access. In addition to the filter criteria, the operators equal or unequal can be set. The mode of operation will be explained by means of some examples:
Example | Rule | Meaning |
|---|---|---|
 | Criterion: Bank account Operator: equal | When the bank account is equal to DE87290400900104040100, it will be not displayed |
 | Criterion: Bank account Operator: equal | When the bank account is equal to DE87290400900104040100 or DE93750200730024614867, it will be not displayed |
 | Criterion: Bank account Operator: unequal | All bank accounts unequal DE93750200730024614867 will not be displayed. Thus, only bank account DE93750200730024614867 is displayed. |
 | Criterion: Payment method Operator: equal | When the payment method is equal to SALA (salary payment), the payment/account turnover is not displayed |
The list of possible criteria will be extended with upcoming versions.
Membership in multiple user groups
If a user is a member of more than one user group, the permissions or restrictions have an additive effect.
Function permissions for membership in multiple user groups
A user who joins additional user groups receives the additional permissions to shared functions of the new groups. However, the user does not lose any permissions. Accordingly, it is sufficient if one user group of the user grants access to a function to obtain the corresponding permission.
Content restrictions for membership in multiple user groups
If a user joins another user group that is subject to a content restriction, the content restriction takes effect for the user - regardless of whether his other user group would actually allow access. Accordingly, it is sufficient if one user group restricts access to a content to block access for that user.