Permissions

Introduction

In Relution, it is possible to configure authorizations at a fine granular level, specifically for individual requirements. This means that a special authorization set can be created for all use cases without users having more functions available than they need.

Multi-factor authentication can also be activated for user accounts via the authorizations. Permissions can also be provided globally via the store organization.

General authorizations

Under Users > Authorizations, authorization templates are already stored for each organization with the installation of Relution, which are configured in the same way as the system groups. These authorizations cannot be changed as they were created automatically. However, it is possible to create new authorizations at any time.

Authorizations are always supplementary. This means that if several authorization configurations have been assigned to a user account, all authorizations are combined.

Configure authorizations

A new entry can be created in the ‘Permissions’ category via ‘Add’. Almost every function available in the Relution Portal can be individually authorized here. As a rule, four options are available: Read, Create, Update and Delete. For example, it is possible to provide users with an account in which they only have read-only authorizations and therefore cannot make any changes to the system. Device actions can also be configured individually. One use case here would be that all actions can be carried out with the exception of device localization. Another use case would be that a person is only allowed to update DEP and VPP tokens in the settings, but is not allowed to make any other changes.

To link the created authorization with user accounts, the user account must be opened and the corresponding authorization must be linked at the bottom of the screen.