In PaxFlow application, User Access Management involves the following three components:
Users: Users are the members of the organization which interact with the PaxFlow application.
Groups: Groups are the logical sets of people which are designated to perform similar type of tasks. In PaxFlow application, groups are generally created on the basis of the roles of the users. Different groups can be assigned different access permissions depending upon their roles. These permissions enable or disable features for the users of the groups .
Access Rules: Access Rules define the permissions for the users to use different features of the application. Access control is provided at the route or API level. Different features of the application consists of multiple such routes or sub-functions. For example, Booking feature consists of multiple routes like create a booking, edit an activity, cancel booking etc. Access rules can be created to define which user group can access which feature of the application. The access rules are collectively allowed or denied for a group. All the members of the group inherit the same set of permissions.
Default Access: This is an access rules configuration created at the initial set up of the application. This is the set of permissions given to the users by default. Although the default access permissions are set initially as per the customer's requirements, they can be easily modified at any time. It is recommended to review the Default Access permissions thoroughly during set up as they are default permissions for new users.
Each company has different options to configure who has access to which individual route or feature in the application.
- Setting up "Default Access Configuration" which is the default set of permissions for groups and users.
- Setting up "Groups" which either allows things that are not allowed by default or restrict things that are allowed by default.
Consider the example,
Step 1. 'View Passenger List' functionality is disabled by default on initial installation.
Step 2. The default configuration is modified to set permissions for 'View Passenger List' as Allowed.
Step 3. 'View Passenger List' permissions are modified for a given group 'X' and set to Denied.
This means a user not belonging to any group will be able to access the Passenger List feature whereas a user belonging to the group 'X' will not be able to access the Passenger List.