The Veonics Portal User permissions break down by almost every feature provided. This article provides a list of all permissions and headers. Short descriptions are being added to each as needed.
Table of Contents
- Permissions Security
- DEFINITIONS
- RECORDS
- SECURITY
- User
- Export User
- Permission
- Roles
- Organization
- Meta-Permissions
- NAVIGATION
- PENDING
- WEB SERVICES
- ADMINISTRATION
- PORTLETS
Permissions Security
A critical concern in the design of the Veonics Portal is ensuring information security. This is managed through user visibility, permissions, and personalization options for the user's homepage.
Most Veonics Portal objects are accessed through organizations. For data and security objects, access is hierarchical. For other objects, users have read-only access to objects of ancestor organizations and full access to objects at their level or below if privileged. For example, if the hierarchy is:
- Root
- Holding Co 1
- Corporation 1.1
- Location 1.1.1
- Location 1.1.2
- Corporation 1.2
- Corporation 1.1
- Campus HQ 2
- Campus Division 2.1
- Campus Division 2.2
- Holding Co 1
In the hierarchy, a Campus HQ user can manage Campus Division 2.1 and 2.2 card records. Holding Co 1 cannot see or manage any Campus HQ 2 card records.
A user in Campus Division 2.1 can only manage card records within their division. A user in Corporation 1.1 can manage card records in Corporation 1.1, Location 1.1.1, and Location 1.1.2. However, a user in Location 1.1.1 can only manage card records within their division.
Users in Location 1.1.1 can create card groups with design options from Location 1.1.1, Corporation 1.1, Holding Co 1, or Root. This allows Holding Co 1 to create a shared "baseline" design for all customers, while Corporation 1.1 users can create designs available to all divisions.
However, users in Location 1.1.1 can only modify designs within that location. To optimize hierarchical queries, the organization table includes a hierarchy_path field with a path of organization IDs, separated by slashes, from the top of the hierarchy to the current node. This enables hierarchical matches using the "LIKE" operator with a trailing wildcard. Note that although a user can have multiple organization root nodes (in organization_sr_user), it is not recommended as it can lead to ambiguities and inconsistencies and is not easily enforceable across all objects. Additionally, organization types are provided for convenience and are not interpreted by the Veonics Portal.
A particular exception to the hierarchical scheme is found in Queues, where access to a queue is managed by an access control list (ACL). The reason for this is that organizations may define internal procedures regarding where cards are to be printed depending on characteristics that don’t necessarily respond to the hierarchical structure, or even may want to restrict the users able to send cards for printing.
Individual users in the Veonics Portal are granted fine-grained access to specific functions through permissions. Permissions are regularly added and grouped into a tree-like structure in the UI. The most common approach is to grant roles, which are collections of permissions that fit specific use-case scenarios. Roles and their permissions should be regularly reviewed.
One final function of this group is to provide for user customization. Some simple options, typically available for self-service configuration, are JSON-encoded in the “user_options” field. Current options are:
list Number of default records to show in tables across the Portal (default 10)
session Number of minutes to client session expiration (default 15)
queue ID of the default queue for the user
Other options are related to the user’s home page and the available portlets, and their initial location. The Welcome portlet can also be used to display custom messages posted by qualified users, or automatically generated by the system, and these are stored in the message_user table.
DEFINITIONS
Batch Design = Template Designer
Batch Design reference access to functions of the Template Designer
- List Batch Design 93
- Ability to view and select from the list of badge templates within an assigned Organization hierarchy
- Create Batch Design 103
- Ability to select the "New" template button within the Template Designer
- Update Batch Design 104
- Ability to select the "Edit" button when a Template is selected in the Designer list
- Read Batch Design 105
- Ability to only select the "View" button when a Template is selected in the Designer list
- Delete Batch Design 106
- Ability to select the "Delete" badge template within an assigned Organization hierarchy
- Clone Batch Design 111
- Ability to select the "Clone" button when a Template is selected in the Designer list
- Activate Batch Design 113
- Ability to select the "Activate" button within a new template
- Deactivate Batch Design 114
- Ability to select the "Deactivate" button within a new template
- Reactivate Batch Design 115
- Ability to return a template to Active from a Deactive State
- 116 Export Batch Design
- Ability to access the "Export" template button once in an unlocked Template Designer
- Reopen Batch Design 169
- Ability to see the "Unlock" button when Viewing a locked template, which returns it to an Active state
- Generate Import Template for Design
- Ability to see the "Import" button once in a template designer list
Data Import Definition
Clone Data Import Definition
Update Data Import Definition
List Data Import Definition
Delete Data Import Definition
Create Data Import Definition
Export Data Import Definition
Read Data Import Definition
Standard
Clone Standard
Read Standard
Reopen Standard
Activate Standard
Update Standard
Deactivate Standard
Delete Standard
Create Standard
List Standard
Upload Watermark
Reactivate Standard
Catalogs
Read Catalog
Activate Catalog
Update Catalog
Delete Catalog
Create Catalog
Clone Catalog
Allows loading a catalog from a card group's data
List Catalog
Data Export Definitions
Update Export Data Definition
Delete Export Data Definition
Create Export Data Definition
List Export Data Definitions
Read Export Data Definition
Distribution Lists
Reactivate Target List
Manage Target List
Delete Target Lists
Create Target List
Delete Notification
New Notification
Subscribe to User Events
Subscribe to Badge Events
List Target Lists
Read Target List
Notifications Menu
View Notification
Edit Target List General Tab
Allows creation and editing of advanced properties in notifications
Subscribe to Batch Events
Subscribe to Quota Events
Update Target List
Update Notification
Edit Target List Event Tab
List Notifications
Subscribe to Organization Events
RECORDS
Card
Import and Match Images
Update Card
Request Badge Reprint
Mark Card Received
View Batch Date
Reopen Card
Reissue Badge
Deactivate Card
Use the Photo Wizard
Mark a Badge as Lost
Create a card from card view
Delete Card
Count Print Events
Create Card
Send Card to VPQM
Mark Card Not Received
View Badge History
Print Card
Mark a Badge as Stolen
List Card
Edit Card Anytime
Read Card
Allows upload and approval of photo in view mode
Send Photo Requests
Mark a Badge as Shipped
Activate Card
View card group data expanded by default
Enqueue Badge for Printing
Reactivate Card
Batch
Manage Batch Families
Enable Save and Approve for New cards
Create Advanced Filters
Clone Batch
Edit a Ready Batch
Complete Upload Wizard
Allows batch validation of photos
Import Batch
Select card ranges
Photos Batch
Create Batch by Wizard
Update Batch
Move a badge to another card group
Mass Field Update
Activate Batch
Signal the partner that a group is ready for processing
Unlock a Card Group
Allows approval of photos without autoprocess
Reactivate Batch
Obliterate a card group
Export Batch
Read Batch
Allow user to navigate with previous/next buttons through a batch
Deactivate Batch
Allow Saving and Continue mode
Execute Batch Operations
Edit Batch Options
Request card wizard
Use the Upload Wizard
Reopen Batch
List Batch
Delete Batch
Create Batch
Print Batch
Photo
Update Photo
Allow leaving gaps in photos
Choose Photo
Skip_Watermark Photo
Use Google Drive Account
Delete Photo
Create Photo
Verify Photo
Upload Photo
Use Dropbox Account
Verify All Rules
Accept photo "as is"
Read Photo
Link Photo
Export Photo
Allow overriding of minimum resolution rule
Use OneDrive Account
Use Photo Cloud Widget
Field Visibility
Normal Visibility
Management Tier 1 Visibility
Management Tier 2 Visibility
Private Visibility
vID
Proof Card Group vIDs
Allow Generation of VID Token
Allows exporting a vID design as JSON object
Create vID Card Design
View vID without Token
Create vID proofing
Assign vID to Card Group
Approve vID Design
Set Advanced vID Card Design Options
Print proof of vID design
Approve a vID design in proofing
Unlock Approved vID Design
Allow Edit of Existing vID Card Design
SECURITY
User
Edit Roles
List User
Read User
Configure User Self-service Options
Role Menu
Update User
Create user accounts from a card group
Activate User
View User Subscriptions
Export User
Configure Advanced User Options
List Roles
Delete User
Create User
Password User
Permission
Delete Permission
Create Permission
Read Permission
Update Permission
Role
Delete Role
Create Role
Read Role
Update Role
Organization
Update Organization
Manage Organization Quotas
Reactivate Organization
List Organization
Delete Organization
Create Organization
Read Organization
Meta-Permissions
Grant Record Permissions
Grant Meta-Permissions
Grant Security Permissions
Permission
Grant Organization Permissions
Grant Permission Permissions
Grant Station Permissions
Grant Batch Permissions
Grant Top Administrative Permissions
Grant Visibility Permissions
Grant Notification Permissions
Grant TargetList Permissions
Grant Photo Permissions
Grant User Permissions
Grant Batch Design Permissions
Grant Queue Permission
Grant Service Permissions
Grant Standard Permissions
Grant Catalog Permissions
Grant Role Permissions
Grant Data Import Definition Permissions
Grant Portlet Permissions
Grant Card Permissions
Grant General Administrative Permissions
Grant vID permissions
Grant Export Definition Permissions
Roles
Grant Super-Admin Role
Grand Administrative Roles
Grant Operation Roles
Never
NAVIGATION
Card Menu
User Menu
Menu Catalog
Batch Design Menu
Admin Menu
Organization Menu
Standard Menu
Menu Target List
Photo Menu
PENDING
Deprecated
Update Photo Validation Rule Set
Update Card Field Template
Update Organization Branding
Delete Card Field
Delete Statistic
Delete Photo Validation Rule
Create Statistic
Create Photo Validation Rule
Create Card Field
Read News
Update Graph
Delete Photo Validation Rule Set
Delete Card Field Template
Delete Organization Branding
Create Card Field Template
Create Organization Branding
Create Photo Validation Rule Set
Read Statistic
Read Photo Validation Rule
Read Card Field
Update News
Delete Graph
Create Graph
Read Photo Validation Rule Set
Read Card Field Template
Read Organization Branding
Update Card Field
Update Statistic
Update Photo Validation Rule
Delete News
Create News
Read Graph
Identity
Update Identity
Delete Identity
Create Identity
Read Identity
Tasks
Task Menu
Cancel Task
WEB SERVICES
Call getBatchUpdates WS
Call updateCard WS
Call searchBatches WS
Call endSession WS
Call processCardAction WS
Call updateBatch WS
Call searchCards WS
Call getPhoto WS
Call addPhoto WS
Call getCard WS
Call getMetadata WS
ADMINISTRATION
Delete Service Station
Manage Proprietary Files
Create Service Stations
Download Files
Delete Queue User
Administer
Manage Fonts
Delete Queue
Edit Help Documents
Advanced Station Details
Perform application updates
Publish Help Documents
View Service Station Details
Download VPQM
Manage Service Stations
Remove Badge from Queue
Run the Onboarding Wizard
Add Queue User
Create Queue
Generate application update keys
Modify Service Station
Manage Printer Queues
Modify Queue Details
View Queue Details
Install application updates
PORTLETS
Enables the metrics and quota portlets
Enables the station portlet
Post messages through the welcome portlet
Enables the portlet to Manage vPQM Queues
Enables the statistics portlets
Enables the customization portlet
Enables the card status matrix portlet
API
Request Token