In this article, we will discuss the differences between roles, permissions, qualifications, and access control.
Differences between roles, permissions, qualifications, and access control.
Regardless of the defined user role, access control prevents users from viewing, opening, or editing a document or report. Thus, the system blocks unauthorized access to resources on the platform, unlike roles, which only define the general framework of functionalities.
Roles: The functional framework of a user
A user's roles (e.g., Editor, Assistant) determine which actions they can perform with orders, documents, and/or reports. An "Editor" (or content creator) can edit documents, while an "Operator" can initiate and execute created content as an order, report, or task.
Access control: Precise control of access to documents, orders, etc.
Access control goes beyond defining roles. It precisely determines which user or user group has access to specific content such as documents, reports, orders, or tasks - regardless of the assigned role. This ensures that only authorized individuals have access to certain resources. Unauthorized access is reliably prevented by the system.
Thus, access control enables a more precise management of access to individual contents, going beyond role-based permissions.
Permissions: Fine-tuning within the role
Within a role, all functional parts of the software can be activated or deactivated via the permissions table.
Qualifications: Requirements for specific tasks
Qualifications are used when specific requirements must be met for the execution of certain tasks - such as in reports or entire orders. This allows for the determination that only appropriately qualified operators are allowed to edit or execute certain content.
The following list is intended to assist you.
Permissions table
Permission | Effect | Further Information |
Orders | Enables the basic menu item “Orders” in the left side menu and provides a view of the orders. |
|
Creating and edit orders | Orders can be created using the “New order” button, existing order data can be modified. |
|
Manage order series (rules) | The menu item “Series (rules)” appears in the left side menu, where entire order series can be planned and created in advance for the future. |
|
Adjust schedule for individual steps | Exceptions and individual rules can thus be mapped within the order series creation/processing (visible by clicking on the inserted document -> right side menu “Schedule of individual steps”). |
|
Archive & manage archived | This allows orders to be removed from the order overview list and removed orders to be restored. |
|
Attach, detach and reorder documents and reports | Users with this authorization can add new documents (or reports) within an order, remove existing ones from the order and completely rearrange the order. |
|
Permission | Effect | Further Information |
Reports | Enables the general "Reports" menu item in the left sidebar, allowing access to ongoing and completed reports. |
|
Start from document | When enabled, adds the menu item "Start Report" in the left menu. Allows operators to execute created documents as reports. |
|
Use QR-Scanner | Allows linking and calling documents via QR codes. Enables the "QR Scanner" menu item in the sidebar. |
|
Show completed reports | Allows reopening of completed reports. A relevant menu option is shown in the report details section. | |
Allow customizing report name and class characteristics | Allows modification of the title and classification for ongoing reports. |
|
show report timestamps | Enables/disables the display of employee names and timestamps during report handling. | May be required by the works council. |
Reopen report | Allows reopening of completed reports. Intended for specific roles/users. | All actions are audit-logged.
|
Create file exports (PDF, CSV, XLSX) | Adds options in the report details view (top-right kebab menu) for exporting report data. |
|
Archive & manage archived | Allows archiving of reports not needed anymore and reactivation from the archive. |
|
Manage external access to reports | Enables sharing specific reports with individuals without Operations1 access (read-only). Found in kebab menu of report detail view. |
Permission | Effect | Further Information |
Tasks | General permission to access the "Tasks" menu in the left sidebar. | |
Delete tasks | Grants permission to delete existing tasks. |
|
Permission | Effect | Further Information |
Documents | Allows both internal and external sharing of document links. The “Share Link” option can be found either in the table view (row-end kebab menu) or in the document detail view.
| Dokumente in Operations1 erstellen: Neue Dokumente mit Operations1 erstellen | Operations1 |
Manage external access to documents | Allows the internal and external sharing of document links.
‘Share link’ can be found either in the tabular document overview on the right in the row (kebab menu) or directly in the document detail overview, also at the top right in the kebab menu. | |
Classify multiple documents | This can be used to classify several documents at once in the table document overview! |
|
Publish directly without review | If this permission is enabled, documents can be published directly and without further verification. |
|
Review and approve to publish | This permission allows the addressed role to review and subsequently approve requested documents. |
|
Attache tags to interactions | If this authorisation is enabled, documents can be published directly and without cross-checking. |
|
Remove multiple documents | This grants the role the authorisation to remove several documents at once in the tabular document overview (checkboxes). |
|
Create autofill-interaction |
| |
AI Document Automator | If this authorisation is activated, users in this role can also use the AI Document Automator in the ‘Documents’ area in addition to classic document creation. In the documents area, the button is displayed directly next to the ‘Document. | |
Global Assets | This authorisation enables general access to global assets (media and materials). |
|
Manage global assets |
|
|
Permission | Effect | Further Information |
Analytics | The ‘Analytics’ menu item is activated / deactivated with this permission. | Detailed analyses: Quartile und Boxplots |
Cycle times | Get access to the ‘ Processing times’ feature in ‘Analytics’! |
|
Permission | Effect | Further Information |
Qualifications | Give the role the basic permission for the feature qualification | |
Manage qualifications | Allows the role, for example, to add or remove a corresponding qualification as a requirement for a document. |
|
Permission | Effect | Further Information |
Settings |
|
|
Report execution | Authorisation to start and edit reports. The ‘Start report’ item appears in the menu on the left-hand side. | |
PDF report | Enables the role to output reports as finished PDFs. |
|
Users | This gives you access to a user overview and allows you to edit user profiles! | Note: This should only be reserved for administrators! Create users en masse: Create multiple users in bulk | Operations1 |
| Define whether it is an API user and generate a secret token for further use! | Users, roles & API access: Create, manage and assign users and roles | Operations1 |
User groups | This authorisation enables access to user group management. | Manage access control via created user groups. |
|
|
|
Roles & permissions | This makes the ‘Roles’ and ‘ Permissions’ areas accessible. The menu item is visible in "System settings -> User administration". | Note: These areas should only be accessible to administrators!
|
Authentication provider | This allows the ‘Auth provider’ area to be displayed in the system settings. | |
Interaction tags | With this authorisation, you activate the ‘Interaction tags’ menu item. You can also use this authorisation to activate or deactivate interaction tags in the entire software for the specific role! |
|
Document tags | This enables you to activate the ‘Document tags’ menu item. Here you can create and manage tags and activate/deactivate document tags with this authorisation (document tags are set in a document in the ‘Information’ tab). |
|
Classes |
|
|
Class characteristics |
|
|
Classifier Filter |
| |
Units | If this authorisation is granted, the ‘Units’ menu item appears in the system settings and you can create your own units (and use them later in documents) |
|
QR-codes | Enable / disable access to the creation/management of QR codes (System settings -> Data centre -> QR codes). In addition, allow / prohibit the specific role from using QR codes in the software. (QR code scanner under ‘Start report’ is displayed / not displayed) |
|
Automator |
|
|
Webhooks | To configure webhooks accordingly, you can make the area accessible using this authorisation. | Overview: Provided Webhooks
|
API permissions | If this authorisation is active, you can create an API user (token) in the user table. |
|
Tokens | Ist diese Berechtigung aktiv, können Sie in der Benutzer-Tabelle einen API-User (Token) erstellen. |
|
Permission | Effect | Further Information |
Access Control | Activates the basic ‘Access documents’ for that role. | |
Overwrite access control | Important! Overwrites any access restriction that has been set!
Note: Only use this function as long as you have not fully implemented the access authorisation. | |
Manage access | The access authorisations for the respective document, report, task or order can be managed under the ‘Access’ tab. |
|
Access Control (AC)
** Important note regarding the permission "Access to all documents and reports"
Please take a moment to carefully understand the implications of the permission "Access to all documents and reports". This permission allows you to bypass access control on documents, reports, orders, etc. It is intended to make it easier for you to get started with access control.
* Special caution when access control is active
A special note applies in the case that you have activated access control, but have not yet assigned corresponding access rights to your content (e.g. documents, reports, orders) or have not yet created and assigned user groups. In this scenario, only explicitly authorized users or groups will have access to the respective content.
Therefore, make sure that all relevant permissions and group assignments are set up correctly to ensure the desired access.
Access control is a central element in the secure and targeted management of permissions within a system. Especially in combination with class filters and qualifications, it unleashes its full potential - making it a powerful, yet complex tool. Careful planning is therefore essential.
In the article linked below, you will learn about the central role of access control, the application areas in which it can be used, the requirements that must be met, and why user groups play a crucial role in this. In addition, you will receive practical tips for effective use in your everyday work.
Qualifications
Qualification Management: Controlling and Securing Knowledge
The Qualification Management module from Operations1 supports you in ensuring the targeted use of knowledge in your company. It ensures that employees can only work with certain tasks or documents if they have the necessary qualifications - for example, through completed safety training, courses, or time-limited authorization certificates.
Simple management and transparent assignment
Qualifications can be easily created, assigned with an individual validity period, and assigned to individual users. In addition, optional reminder periods can be defined, allowing for timely action before a qualification expires.
Linking with documents for maximum security
By directly linking qualifications with specific documents, it is clearly defined what knowledge is necessary to, for example, start a report. If a required qualification is missing or has expired, an automatic stop mechanism prevents the execution of the relevant process. This ensures process security and quality standards at all times.
Learn how to create, manage, and work with qualifications.