iWonder Designs
 
Search this site

Navigation

Recent site activity
Nexus Documentation‎ > ‎Setup‎ > ‎

Permissions

One of Nexus's strengths is its powerful permissions system.  With Nexus, there are three types of administrators: Super Administrators, Domain Administrators and Group Administrators.  Super administrators have permission to do anything in the system include edit global settings, add/delete/change document no matter what that files accessibility options are and much more.  Domain administrators are limited to administrative duties that pertain to a single domain.  That is, they can add,remove and change groups within a single organization -their own.  They can also add files to the library as long as the files are only accessible by users in their domain.  Group administrators are more limited still.  They can only add/edit files that are accessible in their group. 

 

The idea behind this system is that super administrators can delegate responsibility to 'moderators' or sub-administrators for the various parts of the library.  This is useful as the library grows and requires more management on the part of the administrator. 

 

Below is a list of actions that can be performed in the system and the types of permissions given to the various administrator to perform those actions. 

 

Viewing Documents

 

  • Super Admin
    • Category Restrictions: None
    • Domain Restrictions: None
    • Document Restriction: N/A
  •  Domain Admin
    • Domain admin should be able to see all documents that are accessible by the organization to which the administrator belongs.
  • Group Admin
    • Group admin should be able to see all documents that are accessible by the organization and group to which the administrator belongs.

 

Adding Documents

 

  • Super Admin
    • Category Restrictions: None

      Note: The super admin can add documents to the root of the library unlike other admin types.

    • Domain Restrictions: None
    • Document Restriction: N/A 
  • Domain Admin
    • Category Restrictions: Can only add documents to categories which are accessible by user’s organization and any group in that organization.

      Note: The domain admin cannot add documents to the root of the library since the root "category" cannot have permissions applied to it.

    • Domain Restrictions: When choosing a domain to give access to, only the users’ organization and contained groups are available.
    • Document Restrictions: N/A 
  • Group Admin
    • Category Restrictions: Can only add documents to categories which are accessible by user’s organization and group

      Note: The group admin cannot add documents to the root of the library since the root "category" cannot have permissions applied to it.

    • Domain Restrictions: When choosing a domain to give access to, only the users’ organization and group is available.
    • Document Restrictions: N/A

   

Editing Documents  

 

  • Super Admin

    • Category Restrictions: None

    • Domain Restrictions: None

    • Document Restriction: None 

  • Domain Admin

    • Category Restrictions: Can only edit documents in categories which are accessible by user’s domain.  Any group in domain is available though.  Document restrictions take precedence.

    • Domain Restrictions: When choosing a domain to give access to, only the users’ organization and contained groups are available.

    • Document Restrictions: Can only edit documents that are accessible by user’s organization and any group in organization.  

  • Group Admin

    • Category Restrictions: Can only edit documents in categories which are accessible by user’s organization and group.  Document restrictions take precedence.

    • Domain Restrictions: When choosing a domain to give access to, only the users’ organization and group is available

    • Document Restrictions: Can only edit documents that are accessible user’s organization and group.

 

Adding Categories

 

  • Super Admin
    • Category Restrictions: None
    • Domain Restrictions: None
    • Document Restriction: None
  • Domain Admin
    • Category Restrictions:
    • Domain Restrictions:
    • Document Restrictions:
  • Group Admin
    • Category Restrictions: Can only edit categories in categories which are accessible by user’s organization and group.  So if Category A is accessible by OrgA:GroupA and user is a member of said group then user can edit that category and add new categories within that category.  User cannot delete any categories.
    • Domain Restrictions: The only domain to which this type of user can assign access is his own.
    • Document Restrictions: When determining which category to assign a document to, only categories to which user has access are available in the source list.

 

Viewing Users

 

  • Super Admin
    • The super administrator should be able to view all users in the database
  • Domain Admin
    • The domain administrator should be able to view all users who belong to the same organization as the administrator
  • Group Admin
    • The group administrator should be able to view all users who belong to the same organization and group as the administrator
  • Registered User
    • Cannot view any users (except himself)

  

Editing Users

 

  • Super Admin
    • Self: No restrictions
    • Domain Admin: No restrictions
    • Group Admin: No restrictions
    • Registered User: No restrictions
  • Domain Admin
    • Self: Domain administrators can edit their own profile but they cannot change their user type, filebox size or domain membership
    • Domain Admin: Domain administrators cannot edit the profiles of any other domain administrators
    • Group Admin: Domain administrators can edit the profiles of group administrators who are members of the same domain as the logged in domain administrator. They can choose between user types of group admin and registered user, but they cannot create another domain administrator.
    • Registered User: Domain administrators can edit the profiles of registered users who are members of the same domain as the logged in domain administrator.  They can choose between user types of group admin and registered user, but they cannot create another domain administrator.
  • Group Admin
    • Self: Group admins can edit their own profile they cannot change their user type, filebox size or domain membership.
    • Domain Admin: Cannot edit domain administrators’ profiles
    • Group Admin: Cannot edit group administrators’ profiles
    • Registered User: Can edit the profiles of registered users who are members of the domain of which the current group administrator is a member.  But user type, filebox size and domain membership is not editable.