Access Control Logic

System Security Framework

Advanced permission logic and security implementation

  • Dynamic tab visibility control
  • Multi-layered security features
  • Comprehensive auditing system

The access control logic determines how permissions are evaluated and enforced throughout the Enerlites Portal. This system ensures secure, role-based access to features and data while maintaining comprehensive audit trails.

Management Tab Visibility

The management tabs are dynamically filtered based on user permissions:

Tab Visibility Logic

  • Team Management: hasManagementAccess
  • Attendance Tracker: hasManagementAccess OR canEditCreateUsers
  • PTO Tracker: hasManagementAccess OR canEditCreateUsers OR canAccessPTOTracker
  • Insurance Tracker: canAccessInsuranceTracker
  • Training Tracker: hasManagementAccess

Navigation Redirection

Automatic User Routing

  • No Management Access: Users are redirected based on their highest permission level
  • Insurance Only: Redirected to Insurance tab
  • PTO Only: Redirected to PTO tab
  • Attendance Only: Redirected to Attendance tab
  • No Permissions: Redirected to Dashboard
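The tab-visibility rules and the redirect rules above, written out as an added example (not the portal's own code). It assumes a permissions object carrying the four boolean flags named on this page; the precedence used to pick a landing tab when several non-management tabs are visible is an assumption, since the page only says "highest permission level". Hiding a tab is a user-interface measure; the server still re-checks the same flags on every request.

```javascript
// Tab visibility rules, one predicate per management tab, using the flag
// names from this page. A permissions object with boolean fields is assumed.
const TAB_RULES = {
  team:       (p) => p.hasManagementAccess,
  attendance: (p) => p.hasManagementAccess || p.canEditCreateUsers,
  pto:        (p) => p.hasManagementAccess || p.canEditCreateUsers || p.canAccessPTOTracker,
  insurance:  (p) => p.canAccessInsuranceTracker,
  training:   (p) => p.hasManagementAccess,
};

const FLAGS = [
  "hasManagementAccess",
  "canEditCreateUsers",
  "canAccessPTOTracker",
  "canAccessInsuranceTracker",
];

// Fail closed: a flag that is missing, null, or any value other than the
// boolean true (e.g. the string "true" from a mis-parsed payload) is false.
function normalize(perms) {
  const out = {};
  for (const f of FLAGS) out[f] = perms != null && perms[f] === true;
  return out;
}

// Tabs the user may see, in the portal's display order.
function visibleTabs(perms) {
  const p = normalize(perms);
  return Object.keys(TAB_RULES).filter((tab) => TAB_RULES[tab](p));
}

// Assumed precedence for the landing tab: management users land on Team
// Management; otherwise the first visible tab in this order wins, and a user
// with no visible tab goes to the dashboard.
const LANDING_ORDER = ["team", "attendance", "pto", "insurance"];

function landingTab(perms) {
  const tabs = visibleTabs(perms);
  const first = LANDING_ORDER.find((tab) => tabs.includes(tab));
  return first === undefined ? "dashboard" : first;
}
```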

Feature-Level Access Control

Form Submissions

  • All Users: Can submit most forms (time off, tools, etc.)
  • Manager Approval: Forms routed to appropriate managers
  • Special Approvers: Certain forms (unpaid leave) route to specific approvers
  • Validation: Permissions checked before form submission

Data Visibility

  • Department Filtering: Users typically see data for their department
  • Management Override: Management permissions override department restrictions
  • Privacy Protection: Sensitive data restricted to authorized users
  • Dynamic Filtering: Real-time permission-based data filtering

Import/Export Functions

  • CSV Import: Requires canEditCreateUsers permission
  • Data Export: Available to users with relevant management permissions
  • Bulk Operations: Restricted to administrative users
  • Audit Trail: All import/export operations logged

Security Features

Permission Inheritance

  • Hierarchical Structure: Higher permissions include lower-level access
  • Role Stacking: Users can have multiple complementary permissions
  • Override Protection: System prevents unauthorized permission elevation
  • Inheritance Validation: Automatic validation of permission hierarchies

Access Logging

  • Permission Changes: All permission modifications are logged
  • Administrative Actions: Management activities are tracked
  • User Access: Login and feature access is monitored
  • Data Modifications: Changes to sensitive data are recorded

Session Management

  • Permission Validation: Permissions checked on each request
  • Session Expiration: Automatic logout for security
  • Permission Refresh: Real-time permission updates
  • Invalid Access Prevention: Unauthorized access attempts blocked

Data Protection

  • Role-based Filtering: Data filtered based on user permissions
  • Sensitive Information: Protected data requires specific permissions
  • Department Isolation: Department-specific data protection
  • Export Controls: Data export restricted by permission level

Permission Management

Assigning Permissions

  1. Access Team Management: Requires hasManagementAccess
  2. Select User: Choose user to modify
  3. Manage Permissions: Click permissions action
  4. Select Permissions: Check/uncheck permission boxes
  5. Save Changes: Apply new permission set

Troubleshooting

Access Denied Issues

  1. Verify the user's assigned permissions
  2. Log out and back in to refresh the session
  3. Ensure there are no conflicting permission settings
  4. Contact IT if the problem persists

Feature Not Visible

  1. Check the permission requirements for the feature
  2. Clear browser cache and cookies
  3. Allow time for permission updates to propagate
  4. Confirm the user's role matches the intended access level

Compliance and Auditing

Permission Auditing

  • Regular Reviews: Quarterly permission audits recommended
  • Access Reports: Generate reports on user permissions
  • Change Tracking: Monitor permission changes over time
  • Compliance Checking: Ensure permissions align with job roles

Documentation Requirements

  • Permission Matrix: Maintain documentation of role-permission mappings
  • Change Log: Record all permission modifications
  • Access Justification: Document business reasons for permission grants
  • Review Schedule: Establish regular permission review cycles

Regulatory Compliance

  • Data Access Controls: Ensure compliance with data protection regulations
  • Separation of Duties: Maintain appropriate role separation
  • Audit Trails: Comprehensive logging for compliance purposes
  • Access Certification: Regular certification of user access rights