Logic for Peer-Level Permissions to Take Effect

Logic Introduction

There are three types of permission carriers in the decision-making system: department, role, and user.

There are multiple permission entities in the decision-making system: personnel management, directory permission, system management, data connection, and task schedule.

On the user permission configuration page, if a yellow/gray icon indicating separate user limitation appears next to a user (whether with certain permissions or not), user permission have been configured.

For the same permission entity, user permissions are prior to permissions assigned on other permission carriers.

• If any yellow/gray icon exists, user permissions have been configured and will directly take effect.

• If no yellow/gray icon exists, no user permission has been configured, and the union of department permissions and role permissions will take effect.

• Users' departments are organized in a tree structure. If departments at different levels have different permissions, the permissions of the lowest-level department take effect.

Notes

On the User's Final Permission tab page, if a yellow icon appears next to a permission entity, permissions are individually set for the selected user.

Even if all permissions are disabled, as long as a yellow icon appears, user permissions have been set individually.

To clear user permissions, you can click Restore Inherited Permission.

Lowest-Level Department

Question

The user Anna works in the recruitment team of the company's HR department.

The HR department has the permission to view the employee payslip directory.

While the recruitment team does not have the permission to view the employee payslip directory.

Can Anna view the employee payslip directory?

Answer

For the same permission entity (for example, the employee payslip directory), Anna, who's lowest-level department is the recruitment team, inherits the permissions of the recruitment team. Therefore, Anna does not have the permission to view the employee payslip directory.

Note:

The recruitment team mentioned here is a sub-department under the HR department. If Anna belongs to two departments at the same level simultaneously, the principle of permission union takes effect.

User Permission Priority

Question

The user Tom's role is a core member.

The core member has the permission to view the R&D materials directory.

While the user Tom does not have the permission to view the R&D materials directory.

Can Tom view the R&D materials directory?

Answer

For the same permission entity (for example, the R&D materials directory), the user permissions (if any) configured individually are prior to role/department permissions. Therefore, Tom does not have the permission to view the R&D materials directory.

Permission Union

Question

The user Jack works as the core member in the operation team.

The operation team department has permissions to view and edit the annual meeting materials directory.

The core member only has the permission to view the annual meeting materials directory.

What permissions does Jack have on the annual meeting materials directory?

Answer

For the same permission entity (for example, the annual meeting materials directory), the union of department permissions and role permissions takes effect when no user permission is set. Therefore, Jack has the permissions to view and edit the annual meeting materials directory.