User Access Rights (Permissions)
Security is important. Aurora gives you the ability to open up, or lock down, a users access to various sections of the platform. This can be complemented by Access Groups, to which multiple users can be assigned, allowing access to be managed centrally.
This article helps get you started managing your User Access Rights/Permissions.
Introduction
Access to functionality in Aurora can be tailored to meet a wide range of circumstances.
Access can be managed in three ways:
- Individually, on a user by user basis
- Centrally using identity groups
- A combination of identity groups with further individual settings
In addition to the above, access rights can be set for each area of Aurora. For example, you can grant access to one area, whilst denying access to another. You can then further refine a users access, by defining what they are allowed to do in that area. For example, allowing a user to create new entries, but not have the ability to delete existing entries.
A users access rights can be viewed and edited on the Users > All Users > Edit User > Access Rights tab.
Identity Group access rights can be managed on the Users > Identity Groups > Edit Identity Group > Access Rights tab.
Levels of Access
There are several levels of access that can be granted. These can be individually set for each area of Aurora.
Levels of access can also be granted independently of each other. For example a user could be given View and Edit access to the Site Text section, which will allow them to make changes to existing items. However, without being given Delete access, the same user wouldn't be able to remove items.
To be able to Add, Edit or Delete items, View access will also be required.
| Access Level | Description |
|---|---|
| View | Allows a user to view a page and its items. |
| Add | Enables the user to add new items to the relevant section. |
| Edit | Gives the user the ability to edit existing items. |
| Delete | Permits a user to delete items. |
| All | Grants full access. Allows the user to View, Add, Edit and Delete. |
Types of Access
In addition to either allowing or denying access to specific areas, access can be set to "fallback" to an Identity Group. This allows you to centrally manage access rights for multiple users. Identity Groups are discussed in more detail below.
| Access Type | Icon | Description |
|---|---|---|
| Allow |  | Gives a user access to either View, Add, Edit or Delete. |
| Deny |  | Prevents a user from accessing a certain area, or performing a specific action. |
| Fallback |  | Takes a users access rights from an assigned identity group. If no identity group is defined, access defaults to Deny. |
| N/A |  | Represents access that can't be granted to users. For example, a user can't Edit or Delete items that appear on the Administration Log. |
Modules
Access rights can be set differently for each area of Aurora. The hierarchy of these follows that of Aurora, with parent modules (such as Order, Products and Store) and child pages (such as Failed Orders, Categories and Associated Sites).
For a user to have access to a child page, they also need to have access to the parent module. For example, for a user to be able to View, Add, Edit or Delete Site Text, they would also need the relevant access for the Content module.
For Areas of Aurora that don't have specific access rights defined, access rights are taken from the parent module. For example, the Order Enquiries page doesn't have specific access rights, therefore access to the page will be decided by its parent module, in this case Orders.
Take care when editing the access rights for the user you are logged in as. If you remove your own access to the Access Rights section, you will be unable it restore it yourself.
Identity Groups
Access rights can either be managed individually per user, or centrally using identity groups. Identity Group access rights can be managed on the Users > Identity Groups > Edit Identity Group > Access Rights tab, in the same way a users individual access rights are managed.
If access rights for a user are set to Allow or Deny, those rights will be adhered to. However, when any user access rights are set to Fallback, the access rights for those features will be taken from the assigned identity group.
If no access right is defined in the identity group for the feature, the access right will default to Deny.
Using this feature, you can assign many users to an identity group, but also tailor their access further by setting a few specific access rights.
| User Access Right | Identity Group Access Right | Result |
|---|---|---|
| Allow | Deny | Allow |
| Deny | Allow | Deny |
| Fallback | Allow | Allow |
| Fallback | Fallback | Deny |
To assign a user to an identity group, navigate to the Users > All Users > Edit User > Identity Groups tab. All available identity groups will be listed here. If a user is assigned to a particular identity group, a green tick icon will be shown. The identity groups to which a user is not assigned will be indicated by a red cross. To add or remove a user from an identity group, click on the relevant red cross/green tick icon to toggle the setting.
Updated almost 3 years ago