Permissions

1.1 Overview

12d Synergy defines different types of permissions for each of the different entities within 12d Synergy.

However, these can be broken in to two different types: 

1. Visibility - can this entity be seen by a current user or group?
2. Accessibility - how can the current user or group access this entity?

For more information on the permissions available for each entity, please consult the relevant section in this manual.

1.2 Permissions Inheritance

Note that permissions can be inherited, but this can be controlled at the appropriate entity. There are three states for any particular permission in the system.

1. Allowed
2. Denied
3. Undefined

Undefined resolves to denied if no inheritance is set, otherwise it will use the inherited setting.

1.3 Types of Permissions

Explicit Permissions

An explicit permission is a permission applied directly to a user, group or role, such as Read, Write, Create Folder etc. This was the only method of applying permissions before V3.

Permission Sets

V3 introduces a new type of permission, called Permission Sets. Permission Sets are groups of predefined permissions that can be much more easily applied.

For example, you can define a permission set called Data Reader, with the permissions:

• Allow View
• Allow Read

This can be applied against any entity in 12d Synergy. When calculations are calculated, the permission set is checked for its applied permissions.

This means editing the Permission Set, such as denying Write, will automatically change permissions across the system. This makes the process much easier to manage.

1.4 Permission Merging

In some cases, a specific user may be apply permissions from different sources. They may be: 

1. A combination of explicit permissions and evaluated permission sets
2. Applied permissions from a Group
3. Applied permissions from a Job Team

In some cases, it may be any combination of the above, in which case permissions are merged. In this case, the following priorities are used: 

1. Allowed always overrides undefined
2. Denied always overrides undefined and allowed

1.5 Editing Permissions

The Editor

While the permissions available for any entity within 12d Synergy may vary from entity to entity, the editors for users, groups and roles are designed to be consistent and simple to use.

Simply click and select the permission set and/or explicit permissions as required, and add new or delete new users / groups by selecting the plus or minus buttons.

Evaluating Permissions

As discussed in section 10.4 Permissions Merging, permissions may be merged from multiple sources or even inherited, which may mean the permissions you see are not the effective or resolved permissions. To see the permissions that would occur as the result of inheritance or merging, click the Evaluate button in the permissions editor.

You can choose which user or group you want to find and evaluate permissions for simply and easily to see a complete, final list of their access to the entity (such as a folder or job) in question.

1.6 Administrative Permissions

There are several levels of administration available.

1. System Administrator - complete control over the system
2. Job Creator - can create top level jobs
3. Job Admin - has general control over a job, with some restrictions
4. Folder Admin - has general control over a folder, with some restrictions

1.7 Additional Permissions and Restrictions

There are two additional permission modes that can be applied across the system.

1. System Administrators cannot edit all files by default. They can give themselves read or write permission as necessary, though this activity is logged.
   This setting can be changed in the Settings area of the 12d Synergy Administrator.
2. Only System Administrators can purge data by default. This includes files, folders or jobs.
   This setting can be changed in the 12d Synergy Administrator.