Permissions Logic

ProtoHRM permissions logic

Users and groups must be defined in order to access the system. All permissions are checked against the groups.

Each permission has a user friendly translatable description and "tagdata" , tagdata is the internal way for the system to understand what the user wants to do and if he is allowed to do it.

Tagdata logic:

- Menu Actions / Entities (e.g. Companies table) : Prefix "ma_"
- System Actions : Prefix "sa_"
- Menu items : Permissions table flag
- Data related actions (View, Insert, Update, Delete, Print, Export) , no prefix used.
- Documents actions : Prefix "do_"

The permissions subsystem uses the above logic to allow/permit users view & edit data or documents.

Each time the user requests an action, which is either displayed to him or maliciously someone tries to access this functionality, the system checks if the usergroup is allowed access to that function by checking the user permissions table.