Navigation
Academic Area Reservations
Academic Areas
Academic Classifications
Academic Sessions
Add Academic Session
Add Application Setting
Add Building
Add Course Credit Type
Add Course Credit Unit
Add Course Offering
Add Course Type
Add Curriculum
Add Date Pattern
Add Default Manager Setting
Add Department
Add Designator
Add Distribution Preference
Add Event
Add Event Date Mapping
Add Event Info
Add Event Meetings
Add Examination
Add Examination Distribution Preference
Add Examination Period
Add Examination Type
Add Instructional Type
Add Instructor
Add Instructor Attribute
Add Instructor Attribute Type
Add Instructor Role
Add Logging Level
Add Non-University Location
Add Position Type
Add Reservation
Add Role
Add Room
Add Room Feature
Add Room Feature Type
Add Room Group
Add Room Type
Add Solver Configuration
Add Solver Group
Add Solver Parameter
Add Solver Parameter Group
Add Special Use Room
Add Sponsoring Organization
Add Standard Event Note
Add Status Type
Add Student Accommodation
Add Student Group
Add Student Group Type
Add Student Scheduling Status Type
Add Subject Area
Add Teaching Responsibility
Add Time Pattern
Add Timetable Manager
Add User
Additional Distribution Constraints
Administration Reports
Advisor Course Recommendations
Alternatives for Class
Application Configuration
Application Of Preferences
Application.properties
Assign Instructors
Assigned Classes
Assigned Examinations
Assigned Teaching Requests
Assignment History
Attachment Types
Banner Academic Sessions
Banner Message Responses
Banner Offering Detail
Banner Offering Edit
Banner Offerings
Banner Term CRN Properties
Batch Student Solver Dashboard
Bugs
Building UniTime
Buildings
CAS Authentication
CPSolver
Chameleon
Change Log for Student
Change Message for Student
Changes
Class Assignment
Class Assignment Properties
Class Assignments
Class Detail
Class Duration Types
Class Schedule
Class Timetable
Classes
Classes for Student
Conflict-Based Statistics
Constraint Solver Howto
Contact Us
Course Credit
Course Credit Formats
Course Credit Types
Course Credit Units
Course Finder
Course Reports
Course Reservations
Course Timetabling Solver
Course Timetabling Solver Log
Course Types
Credits
Current User
Curricula
Curriculum Detail
Curriculum Projection Rules
Curriculum Requested Enrollments
Curriculum Schedule
Curriculum Timetable
Custom Room Availability
Customizations
Data Exchange
Date Patterns
Default Academic Session
Default Manager Settings
Departmental Schedule
Departmental Timetable
Departments
Designator List
Distribution Preferences
Distribution Types
Eclipse
Edit Academic Session
Edit Application Setting
Edit Building
Edit Class
Edit Course Credit Format
Edit Course Credit Formats
Edit Course Credit Type
Edit Course Credit Types
Edit Course Credit Unit
Edit Course Credit Units
Edit Course Offering
Edit Course Type
Edit Course Types
Edit Curriculum
Edit Date Pattern
Edit Default Manager Setting
Edit Department
Edit Designator
Edit Distribution Preference
Edit Distribution Type
Edit Event
Edit Event Date Mapping
Edit Event Date Mappings
Edit Event Status
Edit Event Statuses
Edit Examination
Edit Examination Distribution Preference
Edit Examination Period
Edit Examination Type
Edit Examination Types
Edit Instructional Type
Edit Instructor
Edit Instructor Attribute
Edit Instructor Attribute Type
Edit Instructor Attribute Types
Edit Instructor Role
Edit Instructor Roles
Edit Logging Level
Edit Logging Levels
Edit Manager Setting
Edit Offering Consent Type
Edit Offering Consent Types
Edit Permission
Edit Permissions
Edit Point In Time Data Snapshot
Edit Point In Time Data Snapshots
Edit Position Type
Edit Position Types
Edit Reservation
Edit Role
Edit Roles
Edit Room
Edit Room Availability
Edit Room Departments
Edit Room Event Availability
Edit Room Feature
Edit Room Feature Type
Edit Room Feature Types
Edit Room Features
Edit Room Group
Edit Room Groups
Edit Room Preference
Edit Room Type
Edit Scheduling Subpart
Edit Solver Configuration
Edit Solver Group
Edit Solver Parameter
Edit Solver Parameter Group
Edit Sponsoring Organization
Edit Standard Event Note
Edit Status Type
Edit Student Accommodation
Edit Student Accommodations
Edit Student Group
Edit Student Group Type
Edit Student Group Types
Edit Student Groups
Edit Student Scheduling Status Type
Edit Student Scheduling Status Types
Edit Subject Area
Edit Teaching Responsibilities
Edit Teaching Responsibility
Edit Time Pattern
Edit Timetable Manager
Edit User
Email
Enrollment Audit PDF Reports
Enrollments of Class or Course
Event Date Mappings
Event Detail
Event Reports
Event Room Availability
Event Room Selection
Event Schedule
Event Service Providers
Event Statuses
Event Timetable
Events
Exact Time Pattern
Exam Naming Convention
Exam Timetable
Examination Assignment
Examination Assignment Changes
Examination Conflict-Based Statistics
Examination Detail
Examination Distribution Preferences
Examination PDF Reports
Examination Periods
Examination Reports
Examination Schedule
Examination Solution Properties
Examination Solver
Examination Solver Log
Examination Solver Status
Examination Statuses
Examination Timetable
Examination Timetabling
Examination Types
Examinations
Exporting Solver XML
Frequently Asked Questions
Hibernate Statistics
Instructional Methods
Instructional Offering Configuration
Instructional Offering Cross Lists
Instructional Offering Detail
Instructional Offerings
Instructional Types
Instructor Assignment Preferences
Instructor Attribute Types
Instructor Attributes
Instructor Detail
Instructor Preferences
Instructor Roles
Instructor Scheduling
Instructor Scheduling Solver
Instructor Scheduling Solver Log
Instructors
LDAP Authentication / Lookup
Last Changes
Limit and Projection Snapshot
Localization
Logging Levels
Lookup Classes
Lookup Examinations
Main Page
Majors
Manage Instructor List
Manage Solvers
Manager Settings
Mass cancel...
Meetings
Minors
Multiple Class Setup
Not-Assigned Classes
Not-Assigned Examinations
Not-Assigned Teaching Requests
Offering Consent Types
Online Student Scheduling Dashboard
OpenStreetMap
Page Statistics
People
People Lookup
Permissions
Personal Examination Schedule
Personal Schedule
Personal Timetable
Point In Time Data Reports
Point In Time Data Snapshots
Position Types
PostgreSQL
Published Schedule Runs
Reservations
Roles
Roll Forward Banner Session
Roll Forward Session
Room Availability
Room Detail
Room Feature Types
Room Features
Room Groups
Room Schedule
Room Timetable
Room Types
Rooms
SVN
Saved Timetables
Scheduling Dashboard Filter
Scheduling Subpart Detail
Scripts
Select Academic Session
Select User Role
Send email...
Setup Examination Periods
Setup Teaching Requests
Solution Properties
Solution Reports
Solver
Solver Configurations
Solver Groups
Solver Load Balancing
Solver Log
Solver Parameter Groups
Solver Parameters
Solver Status
Solver Warnings
Sponsoring Organizations
Standard Event Notes
Status Types
Structure of Distribution Preferences
Student Accommodations
Student Advisors
Student Conflicts
Student Course Requests
Student Group Types
Student Groups
Student Luch Break
Student Scheduling Assistant
Student Scheduling Status Types
Student Sectioning Dashboard
Student Sectioning Reports
Student Sectioning Solution Properties
Student Sectioning Solver
Student Sectioning Solver Log
Subject Areas
Subject Schedule
Subject Timetable
Suggestions
Task Details
Task Scheduler
Teaching Assignment Changes
Teaching Assignment Detail
Teaching Assignments
Teaching Request Detail
Teaching Responsibilities
Test HQL
Time Patterns
Timetable
Timetable Managers
Timetables
Timetabling
Timetabling Benchmarks
Timetabling CVS Access
Timetabling Development using MyEclipse
Timetabling Development using NetBeans
Timetabling Installation FAQ
Tips and Tricks
Types of Distribution Preferences
UniTime 4.5 Online Documentation
UniTime Installation
Update Meetings
Users (Database Authentication)
 

Permissions

Screen Description

The table in the Permissions screen lists all the roles in UniTime and all the permissions that these roles have or do not have. A new role can be added by a user from the Roles page. The permissions granted to each role can be changed by clicking on the line with that role or changes can be performed in bulk by clicking on the Edit button.

Details

Since UniTime 3.4, there is a permission for each page and/or operation (see Right enum for the full list). The roles are no longer used directly by UniTime, instead there is a mapping between a role and a set of these permissions (which is defined on this Permissions page). Each permission consist of a right (of the Right enum), a level (an object type on which it is to be evaluated) and a permission check. For a user to have access, he/she has to have the right, and the permission check must succeed on the given object (e.g., an academic session, a department, a class, or a room). The object type is shown in the Level column on the Permissions page, next to the Name of the right it applies to. The rights with level Global do not evaluate on a particular object per se, they apply globally (like traditional role permissions) and there is no permission check.

Permissions work together with the academic session and department statues. An academic session has a status (see Academic Sessions page), which can be overridden by a department status (see Departments page). These statuses are defined on the Administrator > Other > Status Types page, and each status has a set of toggles (defined by the DepartmentStatusTypes.Status enum). Each permission can take the status of the academic session (and/or the department) into account as needed.

In other words, having a particular permission DOES NOT necessary mean that the appropriate page is available for any data (e.g., Class Edit permission does not grant an ability to edit every class in UniTime). Each permission also consists of a permission check which usually include:
  • Check that the object in question is of the department and the academic session of the current authorization (role and academic session selection) of the user.
  • Check that the academic and/or department status allows for the object to be viewed and/or edited. See Status Types for the existing statuses.
  • For event permissions, check that the event status of the appropriate room allows for the room to be requested / approved. See Event Statuses page and the event approval workflow & permissions.
  • Few additional, permission specific checks. For instance, only a room that does not have any events already booked in can be deleted.
These checks are implemented by the classes in org.unitime,timetable.security.permissions package.

For instance, see the ClassEdit permission. A given class can be edited by a user if
  • user's current role has the Class Edit permission enabled (otherwise the permission check is not even executed)
  • the appropriate offering either does not need to be locked (student online scheduling is not enabled) or is already locked (from students to be able to get in)
  • and either one of the following is true:
    • user is associated with the controlling department of the class (class  controlling course  subject area  department) and the session / (managing) department state allows for OwnerEdit
    • user is associated with the managing department of the class (class  manager, e.g., an external department assigned to the class on the Instructional Offering Configuration page) and the session / (managing) department state allows for ManagerEdit
Also, some of the above can be overridden by having the Session Independent, Department Independent, or Status Independent rights (see the department check) in the current role. A user with a session independent role does not need to be associated with a particular academic session to be able to access it (e.g., a System Administrator can manage all academic sessions in the system). A user with a department independent role does not need to be associated with all the departments to be able to see / make changes to all the objects of a particular type in an academic session (e.g., an Examination Manager can edit or timetable any examination). A users with a status independent role can make changes despite the current academic session and/or department status. Please note, that a user with a department independent role still needs to be associated with at least one department of the academic session (on the Timetable Managers page), as there is no direct relation between timetabling managers and academic sessions (it goes through the departments).

This quite complicated model is in there to allow for the control to pass from schedule deputies (responsible for data entry and timetabling of some (departmental) classes) to some central office (or offices) for timetabling. It is also needed to be able to timetable (and/or enter data for) different problems at different time. For instance, large lecture room classes are timetabled first, while schedule deputies are still able to work on the input data for their departmental problems but can no longer change requirements for the large classes.

Operations

The table with permissions has roles on top and permissions on the left. Roles can be hidden by clicking on the table header and unchecking roles that the user does not wish to display.

The table can be sorted by any of the column headers - click on the column header and then on Sort by ColumnName. 

Click on any line to go to the Edit Permission screen for a particular permission, or click on the Edit button to go to the Edit Permissions screen where you can edit all the combinations of roles and their permissions at once.

Permissions page can be accessed by users with Permissions permission, but only users with Permission Edit permission can make changes.


Updated on Dub 2, 2015 by Zuzana Müllerová (Version 1)

Attachments (1)

Permissions.png - on Čvc 3, 2013 by Tomáš Müller (Version 1)