Understanding Schild's access control system

Understanding Schild's access control system

Category: Other
Summary:
This article explains Schild's access controls-how user permissions and sensitivity clearances work across your organization and how they affect access to data and functionality.

Overview

To keep your organization secure and compliant, Schild uses two layers of access control:

  1. Permissions – define what actions a user can perform (e.g., view, add, change, delete).
  2. Sensitivity clearances – defines what level of information sensitivity a user is cleared to access.

Users must have both the correct permissions and sufficient clearance to access information. Permissions only concern administrators operating administration. Sensitivity clearances govern all.

Permissions

Permissions define what administrators can do within each area of the platform.

Action Meaning
View Can view the record.
Add Can create new records.
Change Can edit existing records.
Delete Can remove records.

Example: An administrator with view_equipment and change_equipment permissions can view and update equipment records, but cannot create or delete them.

Scope

Schild applies permissions per record type. Examples include:

  • Operations: alarm tests, patrols, compliance audits, shifts, etc.
  • Documents: contracts, licenses, policies, templates, etc.
  • Organizations: users, sites, clients, employment records, etc.
  • ...

There are additional permissions to control specifics:

  • Change sensitivity clearances, view pay type and compensation amounts, etc.

Rules

  • Super administrators have all permissions without explicit assignment.
  • Administrators have no permissions without explicit assignment.
  • Permissions must be assigned by super administrators and those with add or change permission permission in administration.
  • No user regardless of permission can modify the root super administrator's (the user with the username 'administrator') account statuses.

Sensitivity clearances

To protect potentially sensitive information Schild further controls access with sensitivity clearances. All data records have a sensitivity. The record sensitivities are the following:

Level Meaning
Top secret Unauthorized disclosure could reasonably cause exceedingly great damage to the organization or associative parties (including people).
Secret Unauthorized disclosure could reasonably cause serious damage to the organization or associative parties (including people).
Confidential Unauthorized disclosure could reasonably cause damage to the organization or associative parties (including people).
Controlled, unclassified All else

These meanings are subjective. Each organization should establish their own meanings as they pertain to their organization.

Rules

  • The root super administrator's (the user with the username 'administrator') sensitivity can only be changed by the root super administrator him or herself.
  • No user can access records above their sensitivity clearance.
  • Users with an equal or higher sensitivity clearance can access records at or below their clearance.

Features

Resources

Legal

© 2025 Schild Technologies