| Description |
Permissions should only be set from the User Roles screen. Any changes to a User Role will be real-time to anyone assigned to that role and we only need to maintain that 1 table for all permissions. In other words, if I am assigned to a Role, then any changes made to that role are always what I get.
This should make it faster and simpler if we only look to the User Roles for all the Permissions. The way we have it right now is to customizable and prone to confusion and security loopholes. We will require 1 or more user roles in i21 and require every user to be assigned to a role? We will create a default "Admin" role that includes all permissions and then let the Admins create additional roles.
This will eliminate 2 places for controlling and storing permissions and remove any confusion or possible issues where a user is not updated with the latest permission changes. In the User Security screen we could still display all the Permission tabs but they would be Read-Only. Any changes would need to be done in the User Roles screen.
We can also remove the “Apply to Users” button since nothing will need to be applied now.
|