This documentation relates to iSymphony 3.5. You can view older documentation on the Older Documentation page

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The all-new, improved permissions system in iSymphony 3.1 allows administrators to control which users are able to perform actions in the system. 

Permissions Overview

By default, the permissions system in iSymphony is disabled, allowing all users access to all actions in the panel. This can be changed with the toggle switch next to the page title. 

Permissions can be defined independently by subject and type, and each permission has a policy and a list of exceptions. 

Permissions Toggle Switch

Permissions Toggle SwitchImage Added

Permission Subjects

Permission subjects in iSymphony are the users and user groups. When viewing the permissions configuration page in iSymphony, the available subjects are listed on the left side of the screen. When evaluating whether a user is allowed to perform an action in the panel, iSymphony may check multiple subjects:

  1. The user themselves;
  2. Any groups the user is a member of;
  3. The All Users group

The list above is checked in order to find the first permission that matches the correct type for the action. If no permission is found on one level, the next level is then checked. If multiple groups containing the user are found that define conflicting permissions for the same type, the result is permissive - the action is allowed. If no permission is found after checking the All Users group, the action is allowed. 

Panel
titleOn this page:

Table of Contents

Permission Types

The type of a permission determines what action it controls. When viewing the permissions configuration page in iSymphony, the available permission types are listed on the right side of the screen. Permissions can be controlled individually for each permission type.

Permission Targets

Most actions in iSymphony are performed on a target - on an extension, on another user, on a queue, etc. In the case of those actions, only targets of specific types are available to select in the exceptions list (see below). For example, it would not make sense to deny permission to 'Call a Parking Lot', and add a specific extension to the exceptions list for that permission. The targets available for selection in the exceptions list are defined by the permission type. 

Some actions don't have a target, and those actions won't have an exception box in the permissions configuration page. For example, changing your own password is something that can't be done for another user, so it's a simple Allow/Deny select box. 

Permission Policy

For each combination of subject and type, a general policy is defined. For the All Users group, only Allow or Deny can be set as the policy. For other groups or specific users, the policy can also be set to Inherit, in which case a permission defined higher in the hierarchy is used. The policy defines whether the subject is allowed to perform the action or not, unless the target appears in the exceptions list.

Exceptions

If you'd like to control actions on a finer grained level than just Allow and Deny, then you can specify exceptions to the policy. In this case, the general policy is reversed for those targets. If the policy for a permission is Allow, and the target is in the list of exceptions, then the action will be denied. If the policy for the permission is Deny, but the target is in the list of exceptions, then the action will be allowed. 

Owned Exception

A special exception exists, called Owned by User. In some cases, a user "owns" some targets - for example, most users own one or more extensions. If the Owned by User exception appears in the list of exceptions, this has the same effect as if the owned targets each appeared individually. For example, if Albert owned extensions 1001 and 1010, and a permission is defined for Albert as Deny with Owned by User in the exceptions list, then Albert will still be able to perform that action on extensions 1001 and 1010. Note also that if a third extension is added to Albert, say, 1020, that Albert would automatically be allowed to perform that action on extension 1020 without having to update the permission settings.

Editing permissions

To edit the permissions in iSymphony, log in to the iSymphony administration interface and select Users and Security, then Permissions in the main administration menu. This will bring you to the permissions configuration page. 

Enabling or disabling permissions

The permissions system in iSymphony can be enabled or disabled with the toggle switch on the permissions configuration page, next to the page title. If permissions are disabled, the permissions configuration page will be grayed out and unable to be edited. Additionally, all permission checks in the system will return allowed, so all users in the system will be allowed to perform all actions. 

Selecting a subject

The first step to editing a permission is to select the subject that the permission should apply to. The available subjects appear on the left side of the screen. User groups appear at the top, and users appear below them. Click on the user group or user to select that subject for editing. 

Editing a single permission

To edit a single permission for a specific type, locate the correct permission type on the right side of the screen after selecting the correct subject. The current policy and exceptions will be displayed next to the permission type. Hover your mouse over the current policy and a gray outline will appear. Click anywhere within the gray outline to enter editing mode for that permission. At this point, the current policy will change to a drop down list, and the list of exceptions will turn into an editable box. 

Editing the policy for the permission

To edit the policy for the permission, simply click on the drop down box and select the new value.

Editing the exceptions for the permission

Info

Not all permissions can have exceptions. See the Exceptions section above. Additionally, you are not able to specify exceptions for permissions that have a policy of Inherit.

To edit the exceptions for the permission, click in the text box that appears to the right of the text except. A small dropdown will appear prompting you to begin typing the name of an exception to select it. After entering text, the drop down will populate with suggestions that match your typing. Click on a suggestion to add it to the list of exceptions. To remove an exception, click on the x that appears within the outline of that exception. 

Editing multiple permission types

To edit multiple permission types at once, select the checkboxes the left of the permission. The rows for those exceptions will turn blue. Alternatively, select the All link at the top, next to the Select: label. This will select all permission types. Similarly, the None link will deselect all permission types. Once the desired permission types are selected, click the drop down box in the top right of the page titled Set selected to: and select an option. This will set the policy for each of the selected permission types to the selected value. The special Owned Only option will set all policies to Deny and add Owned to the list of exceptions for all permission types that are selected. 

Saving the changes

Once changes have been made to the permissions for a subject, the Save Permissions button in the top right corner of the screen will become enabled. Click this button to save and apply the permissions. 

Glossary of Permissions

For a list of permissions that are available in the system, and what they control, see the List of Permissions page.