VisionR implements a role based user management. It supports multiple user authentication mechanisms. Authentication modes can be combined and simultaneously used in a single server installation. Access permissions on data row level enable complex yet easy to handle access definitions. Access rights for the users are set by their user group. Roles are organised in an editable hierarchical tree structure. User groups can inherit access permission from another user groups. This approach saves time, when creating new user permissions and new roles.
The following authentication mechanisms are part of the standard VisionR Installation:
- Login in a web form
- Account approval by an Active Directory Server (NTLM authentication mechanism with KERBEROS)
- Login over URL
These login mechanisms can be used simultaneously. Additional authentication mechanisms can be added as a custom plug-in solution in more complex networks.
Access to VisionR objects is implemented on many levels:
- Mask access (similar to "page" access in a web application)
- Object definition access (similar to "table" access in a relational database)
- Property access (similar to "column" access in a relational database)
- Object access (access permissions for single data rows)
Combining permissions on the different access levels allows very complex access definitions.
Access permissions in VisionR are used to define detailed object access for user roles.
Following permissions are available:
- Read permission
- Insert permission
- Update permission
- Delete permission
- Archive permission
- Execute permission
- Copy permission
The standard installation of VisionR offers a predefined set of user roles and permissions for the different modules. Predefined roles allow fast module deployment. Simple assignment of predefined roles to the registered user accounts is sufficient to start using the application.