Security Policies (Permissions)
Security policies, which allow you to define user permissions, are available to all Growth and Enterprise-level accounts.
OttoLearn has a flexible security policy framework.
Using security policies, you can grant non-Admin users additional abilities in the Users View.
For example, you may want a Manager to only be able to view and edit the users they manage.
Users can be assigned security policies based on one or more attributes (fields in the user record). Most policies will come in pairs:
- The security policy granting users permission to perform an action (create, view, edit)
- The security policy stating which attribute(s) the action can be taken on.
For example, you may create a security policy where users with the Role attribute set to "Team Leader" are allowed to view all users, but are not allowed to view their Wage attribute.
Example Security Policies
Below are some examples of security policies that can be set up in your account. This is by no means a comprehensive list.
Remember, you can choose the attribute(s) a security policy is based on and decide what abilities to assign.
Create a security policy that states that any user with the attribute Role with a value of "Manager" will have the ability to create users.
Users with the Role attribute set to "Manager" are assigned the Create Users security policy, which gives them the ability to create users.
Users with the Team Leader checkbox enabled are assigned the View Users security policy, which gives them the ability to view users.
Examples #1 and #2 are similar, except the attributes (Role attribute and Team Leader attribute) and policies (what abilities are granted) differ.
Users with the Position attribute with a value of "Safety Manager", and the Store ID attribute with a value of "1234" are assigned a policy named "Manage 1234 Users". This gives them the ability to view and edit users who also have the Store ID attribute set to "1234".
This security policy grants permissions over a subset of users who have a specific attribute — in this case, users with the Store ID attribute set to "1234". In the other examples, the policies granted permissions over all users in the account.
Currently security policies only apply to users. They can be used to determine which users another user is able to create, view, or edit.
While security policies are able to be defined for your Growth or Enterprise plan account, the interface to allow you to customize and see them is not yet released. Therefore, you must contact firstname.lastname@example.org to request custom security policies to be created for your account.
(If you are on another plan, then you cannot create custom security policies.)