5.1.3 Assigning access permissions according to organizational hierarchy
To limit accesses at the group level, you must set a Managed label for the desired group and then set the same Managed label for the user role. The example below shows the flow of limiting access by either User or Manager. The job menu selected when this is set is shown in parentheses.
|
|
![[Figure]](GRAPHICS/ZU085300.GIF)
-
Set Managed label in the detail information for the group level whose access you wish to limit (Group and User).
Set Section as the Managed label for Sales Section 1 and Sales Section 2, and set Department as the Managed label for the Sales Department. For details about setting Managed label, see 16.1.1 Adding a group.
-
Set Managed label in the detail information for the user role (Role).
Set the Managed label set for the group (Section or Department) to the user role (User or Department head) for which you wish to limit access. For details on setting user roles, see 11.1.1 Adding a new user role.
-
Log in under the user role for which access has been limited.
User A, who holds User role, can display only information for Sales Section 2, to which this user belongs. User B, who holds Department head role, can display information for the entire Sales Department.
The order of steps 1 and 2 can be reversed.
If you assign a division to a user for whom access control is set according to an organizational hierarchy, you can view and modify the asset information of the group belonging to the division, in addition to the access scope that is set for the user.
- Note
-
When changing a managed label, make sure that the managed label set for the user role is also changed.