User access to functionality and data

You manage user access to Maintenix functionality and data through the roles, departments, locations, and authorities that the user is assigned to and through permissions for action buttons and pages.

The following elements of a user's profile are used in combination with permissions to define and restrict what users can see and do in Maintenix.
Security-related user details
Access Type Comments
User ID Applies to information specific to the user, such as licenses and skills, authorization levels, and alerts sent specifically to this user.
Role Access to some functional information is restricted by the role assigned to a user. For example, only users with a technical records role receive technical records alerts.
Department Access to some information is filtered by the department of a user. For example, a supervisor has access to the detailed user information about the technicians in the same department (such as licenses), but can not access similar information for technicians in other departments.
Location Access to some information is filtered by the location of a user. For example, storeroom clerks can access information for the inventory at their own location only, as this is the scope of their work.
Authority Access to some information is restricted by the authority assigned to a user (usually defined at the aircraft level), such as updating the information for an assembly.

Permissions

Users access most Maintenix functionality with buttons on the Maintenix pages. The visibility of these buttons and access to their associated functionality, is controlled by specific permission settings. For example, users need permissions to edit the details of inventory items, to add labor requirements, or to view inventory recount results.

Permissions have a global value and by default, the global value is typically false. You then enable permissions for specific roles and assign users to the roles. Role permission values override global permission values:
  • If the global value of a permission is false, roles with a true value for the permission can perform the action.
  • If the global value of a permission is true, roles with a false value for the permission can't perform the action.

Roles can have as many or as few permissions as you need them to have. You can have a role with one permission and use this to carefully control access to functionality.

For users with multiple roles, the effective permission setting depends on its global value.

  • If the global permission setting is false, then Maintenix uses an additive rule to determine the effective setting. If the permission is set to true for only one of the user's roles, the user will have access to the associated functionality.
  • If the global permission setting is true, then Maintenix uses a subtractive rule. If the permission is set to false for only one of the user's roles, the user will not have access to the associated functionality.
Role permissions are set in the user interface. You can view, enable, and disable permissions for roles from these pages:
  • Role Permission Editor. The Role Permission Editor is a menu item that administrators can add to their role menus. Use this page to see permissions by category and for all roles.
  • Role Details, Permissions tab. Use this page to address permissions for one role at a time.
In the database, role permissions are stored in the UTL_ACTION_ROLE_PARM table. Global permission values are stored and can only be set in the database, in the UTL_ACTION_CONFIG_PARM table.

Assigning permissions to roles is best practise.

It is not advised, but it is possible to assign permissions to specific users. If you do this, you must pay extra attention to the precedence rules and be aware that after you assign permissions to users, there's no way to see what permissions a user has except by looking in the database. If there's a problem with a user having or not having access to functionality, resolving the issue can be challenging. User-specific permission values override both role and global values for the permission:
  • If the global value of a permission is false, a user with a true value for the permission can perform the action.
  • If the global value of a permission is true, a user with a false value for the permission can't perform the action.
  • If a user is assigned a role for which a permission value is false, but the user-level value for the permission is true, the user can perform the action.
  • If a user is assigned a role for which a permission value is true, but the user-level value for the permission is false, the user can't perform the action.
User permission values are set only in the database, in the UTL_ACTION_USER_PARM table.
Note: The permission setting ACTION_VIEW_ALL_USERS_DETAILS must be set to true for users, such as Maintenix administrators, who are authorized to see the detailed information on all users.