Schild's access control system

Category: Permissions
Summary:

This article explains Schild's access controls-how user permissions and sensitivity clearances work across your organization and how they affect access to data and functionality.

Overview

To protect your organization, Schild enforces two layers of access control:

1. Permissions – define what actions a user can perform in administration (e.g., view, add, change, delete).
2. Sensitivity clearances – defines what level of information sensitivity a user is cleared to access.

Users must have both the correct permissions and sufficient clearance to access data in administration. Users on the main site must have sufficient clearance, with one caveat: if the user owns the record (it was created by or reported by the user on the main site), and it is classified higher than the user's existing clearance, the user retains access.

Permissions

Permissions define what administrators can do within each area of the platform. There are generic permissions for each record type, and more specific ones. The generic permissions follow a view, add, change, and delete pattern.

Example: An administrator with view equipment and change equipment permissions can view and update equipment records, but cannot create or delete them.

Additional permissions exist to give finer protection. For example, users cannot view compensation amounts without being given the view permission. For a complete list of permissions, navigate to the "Permissions" section of administration.

Sensitivity clearances

To protect potentially sensitive information Schild further controls access with sensitivity clearances (security clearances). The sensitivities are the following, with Schild Technologies' interpretation of the record sensitivity meanings:

Users at or above a record's sensitivity can access the record, others cannot. Root super administrators are not exempt.