Use cases for permission management

User should have full functional permissions, but not be able to see salary payments.

Implementation:

• User group Vollzugriff

• Own user group No SALA that has no functional permissions and restricts payment type "SALA"

→ Functional permissions and content restrictions are additive, i.e. the user receives the permissions from the group Full access and the restrictions from the group No SALA

User should be able to work in the client, but not be able to view all data for the bank account “SRZ Test Coba”.

Implementation:

• User group Anwender

• Own user group No DE89 that has no functional permissions and restricts access to the account

→ Functional permissions and content restrictions are additive, i.e. the user receives the permissions from the group Users and the restrictions from the group No DE89

User should receive full function permissions, but only be able to see data on the bank account “SRZ Test Coba”.

Implementation:

• User group Vollzugriff

• Own user group DE89 only that has no functional permissions and only allows access to the account

→ Functional permissions and content restrictions are additive, i.e. the user receives the permissions from the group Full access and the restrictions from the group DE89 only

Users should not be able to see bank accounts with the tag “Secret.”

Implementation:

• Create the tag “Secret” and assign it to the accounts.

• Create a separate user group called No Secret that does not have access to the tag “Secret”.

→ The user can work according to their normal user group, but cannot see accounts/data that have the tag “Secret”.