User right management via roles#

With version 1.18.2 we have added a new way of assigning rights in i-doit. It is now possible to give users or groups rights to objects by linking them via the contact assignment. Furthermore, the rights can also be linked to the assignment of certain roles.

Create a Person group and add a user the group#

Für unser Beispiel erstelle ich eine Test Gruppe in i-doit "User Rights to Objects" und packe einen "Test User" in die Mitgliederzuweisung der Gruppe.
Create a Person group object and a Person object. Add the Person as member to the Person group, via Members category.

Rights assignment#

Now open the Administration -> User permissions and open for example CMDB. Here you insert the title of the Person group object into Person / Group field or select a Person group via the Select button and load the rights.

Condition: Objects with assigned role in contact assignment#

Here you can set the appropriate rights (View, Edit, Archive, Delete, Execute, Administrator) and then select among the parameters either all available roles or only one or more roles that should be used for the assignment of rights.

Condition: Categories in objects with assigned role in contact assignment#

Here you can set the appropriate rights (Create, View, Edit, Archive, Delete, Execute, Administrator) and then select among the parameters either all available roles or only one or more roles and define whether all or only certain categories should be used for the assignment of rights.

Example configuration#

In diesem Beispiel bekommen dann alle Benutzer die Mitglied in der Gruppe "User Rights to Objects" bei Objekten wo Sie in der Kontaktzuweisung mit der Rolle Mitarbeiter verknüpft sind Rechte auf diese Objekte: