How To Set Up Default Permissions
DCM can set up default permissions for objects named Access Objects. Access Objects are grouped by type.
The table below describes the list of implemented Access Object types and a default permission set for actions.
| Access Object Type | Default Permission for Actions | Note |
|---|---|---|
| Case Type | Assign, Create, Close, Delete, Detail, Modify, Reopen, Route, View | Case workflow |
| Dashboard | View | Permissions for a dashboard. It is not applied to personal dashboards |
| Dashboard Element | Enable, View | Permissions for a dashboard element. It doesn't apply to personal dashboards |
| Dashboard Widget | View | Permissions for a dashboard widget |
| Email Workitem | Assign Back, Assign To Me, Attach to Case, Create Case, Detach, Documents, Download, Duplicate, Forward, Mark as Read, Mark as Unread, More, Permanent Delete, Re-assign, Reply, Send Email, Trash, Un-Trash | Permissions for email actions. It is acceptable for Email Indexing page and Case Email component |
| Milestone Transition | Execute | Permissions for transitions on milestone builder. It affects the visibility of routing buttons on Case detail pages. |
| Page Element | Enable, View | Permissions for a page element. They are acceptable for all types of detail page |
- The dominant setting defines the dominant permission setting through all unit permission settings. Dominant Permission has high priority if unit permissions are set.
- The default setting defines the default value of each permission. Default Permission has high priority if unit permissions are not set.
- Unit is grouped list of users and named Team, Business Role or Skill.
How do dominant and default settings work? The following example demonstrates security matrix access objects against units for common cases.
| Access Object Type | Action | Unit A | Unit B | Dominant | Default | Result |
|---|---|---|---|---|---|---|
| Email Workitem | Send Email | Deny | Allow | Deny | Allow | NOT DISPLAYED |
| Deny | Allow | Allow | Deny | DISPLAYED | ||
| Default | Allow | Deny | Allow | DISPLAYED | ||
| Default | Allow | Allow | Deny | DISPLAYED | ||
| Default | Default | Deny | Allow | DISPLAYED | ||
| Default | Default | Allow | Deny | NOT DISPLAYED | ||
| Case Type | Create | Deny | Allow | Deny | Allow | NOT DISPLAYED |
| Deny | Allow | Allow | Deny | DISPLAYED | ||
| Default | Allow | Deny | Allow | DISPLAYED | ||
| Default | Allow | Allow | Deny | DISPLAYED | ||
| Default | Default | Deny | Allow | DISPLAYED | ||
| Default | Default | Allow | Deny | NOT DISPLAYED |
The same behavior for other access object types and their actions.