Role-Based Access Control (RBAC)
Aligni provides role-based access control (RBAC) for user accounts. RBAC allows site administrators a compromise between simplicity and flexibility when granting user access to their data without sacrificing data integrity or security. The Aligni RBAC is built on a foundation of a few pre-determined roles in addition to user-configurable roles to add additional access.
There is exactly one administrator account for each organization. The administrator maintains complete control of the organization and is granted all permissions.
In addition to data management and visibility permissions, the administrator is granted the following exclusive permissions:
- Manage organization settings
- Manage backup settings
- Manage user accounts
- Manage roles
Accounts are granted permissions by enrolling them in one or more roles (described below) from the account’s settings page. Roles grant permissions additively. One role cannot remove access that has already been granted by another.
Librarians / Data Managers
One important permission that is often granted its own role is Can Manage Data. This permission grants fairly broad management access to a number of items in your Aligni database:
- Inventory locations and sublocations
- Units and Unit Conversions
- Part Types
- Engineering Change Management Priorities, Sequences, Reasons, and Dispositions
- Custom Parameters
A Role is a collection of discrete permissions that can be additively granted to users. One or more roles may be granted to each user. The user is then granted all granted permissions from each role.
Several permissions have optional qualifiers that allow the permission to apply only under certain conditions. For example, you can grant the permission to view inventory at all inventory locations or at one specific location. To grant permission to view inventory at multiple inventory locations, you will need to create a role for each inventory location, then apply all of these roles to the user.
Also note that many permissions imply the grant of some other permission. For example, to grant permission to manage inventory will also, necessarily, grant permission to view inventory. These implied permissions are indicated in the permission list and will automatically take effect when the role is saved.
The table below contains a comprehensive list of available permissions and the abilities they provide.
|View Costs||View cost information (inventory cost, quotes, pricing history, etc).|
|Enter Quotes||Manually enter a quote for a part. (not ActiveQuote)|
|Manage Data||Management of site-wide data such as inventory locations, units, part types, custom part parameters, labels, etc.|
|Create New Parts||Create new parts.|
|Delete Parts||Delete a released part as long as it is not in inventory and is not used on any assemblies.|
|Release Parts||Release a draft part or part revision.|
|Edit Released Parts||Edit the non-revisioned parameters for a released part.|
|Create Draft Revisions||Create new drafts from existing parts.|
|Edit Released Part Revisions||Override the draft/release process to make edits to revisioned parameters for a released revision without creating a new revision.
This applies to custom parameters as well as part lists.
|Manage Alternate Parts||Add, edit, or delete alternate parts.|
|Manage Approved Vendors||Add, edit, or delete approved vendors.|
|View Attachments||View part and revision attachments.|
|Add Attachments||Add attachments to parts and draft revisions subject to the attachment handling setting.|
|Manage Attachments||Edit and remove existing attachments.|
|Edit Lifecycle Parameters||Edit parameters specified as “lifecycle parameters” at any time.|
|Suppliers, Customers, Contacts|
|View Suppliers||View supplier details.|
|Manage Suppliers||Create and edit supplier information and attachments.|
|View Customers||View customer details.|
|Manage Customers||Create and edit customer information and attachments.|
|View Contacts||View contact details.|
|Manage Contacts||Create and edit contact information and attachments.|
|View ActiveQuotes||Visit the ActiveQuote system to view quote requests and responses.|
|Create ActiveQuotes||Create quote requests, edit and delete their own, and submit them for approval.|
|Delete ActiveQuotes||Delete active and completed quotes. Without this permission, users may only delete their own draft or pending quotes.|
|Submit ActiveQuotes||Submit quote requests to vendors.|
|Approve ActiveQuotes||Approve quote requests for submittal.|
|View Purchasing||Visit the purchasing system.|
|Create Purchasing||Create purchases, edit their own, add/delete attachments, and delete them.|
|Manage Purchases||Manage open and completed purchases even if they’re not their own. This includes adding / removing items, adding removing attachments, and deleting purchases.|
|Submit Purchases||Submit purchases for approval. This permission may optionally be qualified by a maximum purchase amount.|
|Approve Purchases||Approve pending purchases. This permission may optionally be qualified by a maximum purchase amount.|
|View Build Manager||View the build manager and see builds in progress.|
|Create Build||Create new builds (planned or scheduled).|
|Allocate Build||Allocate items on a build.|
|Reserve Build||Reserve items on a build. This permission may optionally be restricted to a single inventory location.|
|Complete Build||Complete builds. This permission may optionally be restricted to a single inventory location.|
|View Inventory||View inventory. This permission may optionally be restricted to a single inventory location.|
|Create Inventory Transfers||Initiate inventory transfers. This permission may optionally be restricted to a single inventory location.|
|Receive Inventory||Receive inventory on transfers and purchase orders. This permission may optionally be restricted to a single inventory location.|
|Manage Inventory||Manually add, adjust, and move inventory. This permission may optionally be restricted to a single inventory location.||Equipment|
|View Equipment||Required for users to view the equipment index or equipment records.|
|Create Equipment||Permits users to create new equipment.|
|Manage Equipment||Required to edit characteristics of an equipment or configurations such as name, description, etc.|
|Create Logbook Entries||Create logbook entries and add attachments to them.|
|Approve Logbook Entries||Approve draft logbook entries.|
|Create Snapshots||Create a new snapshot configuration.|
|Add Equipment Addenda||Add addenda to configuration snapshots.|
|Manage Equipment Addenda||Edit or delete logbook entry addenda.|