Articles in this section

Permissions: Level of Access and Restrictions

The Level of Access (LOA) system is designed to allow enterprise brands to easily manage who has access to functionality within a hierarchical organization.

Level of Access works by modifying User Roles and restricting sets of functionality within the Role for users that have lower LOA. For best results, we recommend familiarizing yourself with the Roles system before using Level of Access to make changes.

Permissions for complex deployments in the v4 dashboard follow a Russian Doll model where each level is nested within the ones above it. No child can have permissions that its parent lacks and a parent can always impose restrictions on a child.

A model enterprise deployment:

RNDI (Russian Nesting Dolls Incorporated) is an international brand with offices in the US, Canada, and Mexico. Within each of those countries, they have regional divisions, which in turn have sub-regions and multiple locations within each. Because Russian Dolls are such an amazing growth industry, showrooms often have multiple distinct zones; and many of those have multiple players. Let’s chart out the full hierarchy for their Oakland location within their larger organizational structure:

  • RNDI US (National Brand Group - top level)
    • Western Region
      • Northern California
        • Oakland Location
          • ‘Main Sales Floor’ Zone
            • Player 1
            • Player 2
          • 'Design Your Own Doll' Zone
        • Novato
        • Arcata
        • Humboldt
      • Southern California
      • Oregon
      • Washington
      • Nevada
    • North Eastern Region
    • Southern Region
    • Midwest region
  • RNDI Canada
  • RNDI Mexico

Terminology:

  1. All Users are assigned a Role within the Organizational hierarchy that defines what functionality they can access. A user may have more than one Role.
  2. All users are assigned to one or more Zones, Locations, or Groups. This assignment determines their Level of Access (LOA) within the organizational hierarchy.
    1. The LOA is determined by the highest level Group that the user has permissions for within your organization
    2. A user may have different LOAs in different organizations or two different branches of the same organization, depending on the Zones, Locations, and Groups they are added to
      1. In the example of RNDI, this means a single user could be assigned to the Novato and Oakland Locations without gaining access to the entire NorCal sub-region
      2. A user could also have different Roles that correspond to their different Zone/LocationGroup assignments
      3. A user can access any Group, Subgroup, Location, or Zone below their LOA in that branch of the organization that they are a part of
    3. LOA is specific to the user’s branch of the organization.
      1. A user whose LOA is set to the ‘Western Region' within RNDI cannot access the ‘North Eastern Region’, even though they are at the same level within the hierarchy.
      2. A user whose LOA is set to the ‘Western Region' within RNDI can access all Groups, Locations, and Zones contained by the Western Region
  3. Users with the appropriate Role and LOA can impose Restrictions on users with a lower LOA.
    1. These Restrictions essentially turn off sub-sets of functionality within the Role’s normal permissions
    2. At the top level, there are no Restrictions in place, but each level of a complex organization can impose Restrictions on the levels below itself
  4. What a user can do is defined by the intersection of their Role, their LOA in the current branch of the organization, and any Restrictions imposed by users at a higher LOA.
Updated