Navigation
Academic Area Reservations
Academic Areas
Academic Classifications
Academic Sessions
Add Academic Session
Add Application Setting
Add Building
Add Course Credit Type
Add Course Credit Unit
Add Course Offering
Add Course Type
Add Curriculum
Add Date Pattern
Add Default Manager Setting
Add Department
Add Designator
Add Distribution Preference
Add Event
Add Event Date Mapping
Add Event Info
Add Event Meetings
Add Examination
Add Examination Distribution Preference
Add Examination Period
Add Examination Type
Add Instructional Type
Add Instructor
Add Instructor Role
Add Logging Level
Add Non-University Location
Add Position Type
Add Reservation
Add Role
Add Room
Add Room Feature
Add Room Feature Type
Add Room Group
Add Room Type
Add Solver Configuration
Add Solver Group
Add Solver Parameter
Add Solver Parameter Group
Add Special Use Room
Add Sponsoring Organization
Add Standard Event Note
Add Status Type
Add Student Accommodation
Add Student Group
Add Student Scheduling Status Type
Add Subject Area
Add Time Pattern
Add Timetable Manager
Add User
Administration Reports
Alternatives for Class
Application Configuration
Application Of Preferences
Application.properties
Assign Instructors
Assigned Classes
Assigned Examinations
Assignment History
Bugs
Buildings
CPSolver
Chameleon
Change Log for Student
Change Message for Student
Changes
Class Assignment
Class Assignment Properties
Class Assignments
Class Detail
Class Schedule
Classes
Classes for Student
Conflict-Based Statistics
Constraint Solver Howto
Contact Us
Course Credit
Course Credit Formats
Course Credit Types
Course Credit Units
Course Finder
Course Reports
Course Reservations
Course Types
Credits
Current User
Curricula
Curriculum Detail
Curriculum Projection Rules
Curriculum Requested Enrollments
Curriculum Timetable
Custom Room Availability
Customizations
Data Exchange
Date Patterns
Default Academic Session
Default Manager Settings
Departmental Timetable
Departments
Designator List
Distribution Preferences
Distribution Types
Eclipse
Edit Academic Session
Edit Application Setting
Edit Building
Edit Class
Edit Course Credit Format
Edit Course Credit Formats
Edit Course Credit Type
Edit Course Credit Types
Edit Course Credit Unit
Edit Course Credit Units
Edit Course Offering
Edit Course Type
Edit Course Types
Edit Curriculum
Edit Date Pattern
Edit Default Manager Setting
Edit Department
Edit Designator
Edit Distribution Preference
Edit Distribution Type
Edit Event
Edit Event Date Mapping
Edit Event Date Mappings
Edit Event Status
Edit Event Statuses
Edit Examination
Edit Examination Distribution Preference
Edit Examination Period
Edit Examination Type
Edit Examination Types
Edit Instructional Type
Edit Instructor
Edit Instructor Role
Edit Instructor Roles
Edit Logging Level
Edit Logging Levels
Edit Manager Setting
Edit Offering Consent Type
Edit Offering Consent Types
Edit Permission
Edit Permissions
Edit Position Type
Edit Position Types
Edit Reservation
Edit Role
Edit Roles
Edit Room
Edit Room Availability
Edit Room Departments
Edit Room Event Availability
Edit Room Feature
Edit Room Feature Type
Edit Room Feature Types
Edit Room Features
Edit Room Group
Edit Room Groups
Edit Room Preference
Edit Room Type
Edit Scheduling Subpart
Edit Solver Configuration
Edit Solver Group
Edit Solver Parameter
Edit Solver Parameter Group
Edit Sponsoring Organization
Edit Standard Event Note
Edit Status Type
Edit Student Accommodation
Edit Student Accommodations
Edit Student Group
Edit Student Groups
Edit Student Scheduling Status Type
Edit Student Scheduling Status Types
Edit Subject Area
Edit Time Pattern
Edit Timetable Manager
Edit User
Enrollment Audit PDF Reports
Enrollments of Class or Course
Event Date Mappings
Event Detail
Event Reports
Event Room Availability
Event Room Selection
Event Statuses
Event Timetable
Events
Exact Time Pattern
Exam Naming Convention
Examination Assignment
Examination Assignment Changes
Examination Conflict-Based Statistics
Examination Detail
Examination Distribution Preferences
Examination PDF Reports
Examination Periods
Examination Reports
Examination Schedule
Examination Solution Properties
Examination Solver
Examination Solver Log
Examination Solver Status
Examination Timetable
Examination Timetabling
Examination Types
Examinations
Frequently Asked Questions
Hibernate Statistics
Instructional Offering Configuration
Instructional Offering Cross Lists
Instructional Offering Detail
Instructional Offerings
Instructional Types
Instructor Detail
Instructor Preferences
Instructor Roles
Instructors
LDAP Authentication / Lookup
Last Changes
Localization
Logging Levels
Main Page
Majors
Manage Instructor List
Manage Solvers
Manager Settings
Mass cancel...
Meetings
Minors
Multiple Class Setup
Not-Assigned Classes
Not-Assigned Examinations
Offering Consent Types
Online Student Scheduling Dashboard
Page Statistics
People
People Lookup
Permissions
Personal Schedule
Personal Timetable
Position Types
Reservations
Roles
Roll Forward Session
Room Availability
Room Detail
Room Feature Types
Room Features
Room Groups
Room Timetable
Room Types
Rooms
SVN
Scheduling Subpart Detail
Scripts
Select Academic Session
Select User Role
Send email...
Setup Examination Periods
Solution Properties
Solution Reports
Solver
Solver Configurations
Solver Groups
Solver Load Balancing
Solver Log
Solver Parameter Groups
Solver Parameters
Solver Status
Solver Warnings
Special:Userlogin
Sponsoring Organizations
Standard Event Notes
Status Types
Structure of Distribution Preferences
Student Accommodations
Student Conflicts
Student Groups
Student Scheduling Assistant
Student Scheduling Status Types
Student Sectioning Dashboard
Student Sectioning Reports
Student Sectioning Solution Properties
Student Sectioning Solver
Student Sectioning Solver Log
Subject Areas
Subject Timetable
Suggestions
Test HQL
Time Patterns
Timetable
Timetable Managers
Timetables
Timetabling
Timetabling Benchmarks
Timetabling CVS Access
Timetabling Development using MyEclipse
Timetabling Development using NetBeans
Timetabling Installation FAQ
Tips and Tricks
Types of Distribution Preferences
UniTime 3.4 Online Documentation
UniTime Installation
UniTime:Documentation Guidelines
Update Meetings
Users (Database Authentication)
 

Permissions

Screen Description

The table in the Permissions screen lists all the roles in UniTime and all the permissions that these roles have or do not have. A new role can be added by a user from the Roles page. The permissions granted to each role can be changed by clicking on the line with that role or changes can be performed in bulk by clicking on the Edit button.

Details

Since UniTime 3.4, there is a permission for each page and/or operation (see Right enum for the full list). The roles are no longer used directly by UniTime, instead there is a mapping between a role and a set of these permissions (which is defined on this Permissions page). Each permission consist of a right (of the Right enum), a level (an object type on which it is to be evaluated) and a permission check. For a user to have access, he/she has to have the right, and the permission check must succeed on the given object (e.g., an academic session, a department, a class, or a room). The object type is shown in the Level column on the Permissions page, next to the Name of the right it applies to. The rights with level Global do not evaluate on a particular object per se, they apply globally (like traditional role permissions) and there is no permission check.

Permissions work together with the academic session and department statues. An academic session has a status (see Academic Sessions page), which can be overridden by a department status (see Departments page). These statuses are defined on the Administrator > Other > Status Types page, and each status has a set of toggles (defined by the DepartmentStatusTypes.Status enum). Each permission can take the status of the academic session (and/or the department) into account as needed.

In other words, having a particular permission DOES NOT necessary mean that the appropriate page is available for any data (e.g., Class Edit permission does not grant an ability to edit every class in UniTime). Each permission also consists of a permission check which usually include:
  • Check that the object in question is of the department and the academic session of the current authorization (role and academic session selection) of the user.
  • Check that the academic and/or department status allows for the object to be viewed and/or edited. See Status Types for the existing statuses.
  • For event permissions, check that the event status of the appropriate room allows for the room to be requested / approved. See Event Statuses page and the event approval workflow & permissions.
  • Few additional, permission specific checks. For instance, only a room that does not have any events already booked in can be deleted.
These checks are implemented by the classes in org.unitime,timetable.security.permissions package.

For instance, see the ClassEdit permission. A given class can be edited by a user if
  • user's current role has the Class Edit permission enabled (otherwise the permission check is not even executed)
  • the appropriate offering either does not need to be locked (student online scheduling is not enabled) or is already locked (from students to be able to get in)
  • and either one of the following is true:
    • user is associated with the controlling department of the class (class  controlling course  subject area  department) and the session / (managing) department state allows for OwnerEdit
    • user is associated with the managing department of the class (class  manager, e.g., an external department assigned to the class on the Instructional Offering Configuration page) and the session / (managing) department state allows for ManagerEdit
Also, some of the above can be overridden by having the Session Independent, Department Independent, or Status Independent rights (see the department check) in the current role. A user with a session independent role does not need to be associated with a particular academic session to be able to access it (e.g., a System Administrator can manage all academic sessions in the system). A user with a department independent role does not need to be associated with all the departments to be able to see / make changes to all the objects of a particular type in an academic session (e.g., an Examination Manager can edit or timetable any examination). A users with a status independent role can make changes despite the current academic session and/or department status. Please note, that a user with a department independent role still needs to be associated with at least one department of the academic session (on the Timetable Managers page), as there is no direct relation between timetabling managers and academic sessions (it goes through the departments).

This quite complicated model is in there to allow for the control to pass from schedule deputies (responsible for data entry and timetabling of some (departmental) classes) to some central office (or offices) for timetabling. It is also needed to be able to timetable (and/or enter data for) different problems at different time. For instance, large lecture room classes are timetabled first, while schedule deputies are still able to work on the input data for their departmental problems but can no longer change requirements for the large classes.

Operations

The table with permissions has roles on top and permissions on the left. Roles can be hidden by clicking on the table header and unchecking roles that the user does not wish to display.

The table can be sorted by any of the column headers - click on the column header and then on Sort by ColumnName. 

Click on any line to go to the Edit Permission screen for a particular permission, or click on the Edit button to go to the Edit Permissions screen where you can edit all the combinations of roles and their permissions at once.

Permissions page can be accessed by users with Permissions permission, but only users with Permission Edit permission can make changes.


Updated on Jul 3, 2013 by Zuzana Müllerová (Version 10)

Attachments (1)

Permissions.png - on Jul 3, 2013 by Tomáš Müller (Version 1)