Linking Groups to Roles

Linking Groups to Roles

Link Group to Role - User Guide

ℹ️

πŸ”’ Security Impact

If Linking User to Group decides “Who” gets a key, Linking Group to Role decides “What” that key actually opens. This is where you define that the “Accountant Group” can create vouchers but cannot delete them. It is the most granular level of security in your ERP.

⚑ What is a “Role”? (Simple Terms)

A Role is a single permission. For example:

  • “Can I Click the ‘Create Invoice’ button?”
  • “Can I View the ‘Bank Balance’?”
  • “Can I Delete a ‘Member’?” By linking these specific roles to a Group (like ‘Site Staff’), you define exactly how much power that group has in the system.

πŸ—ΊοΈ Permissions Architecture

graph TD
    R1[Role: Create Bill] --> G[Group: Accountant]
    R2[Role: View Balance] --> G
    R3[Role: Print Receipt] --> G
    
    G --> U1[User: Rahul]
    G --> U2[User: Snehal]
    
    style G fill:#f9f,stroke:#333,stroke-width:2px

πŸ› οΈ 1. How to Define Group Powers

  1. Access: Navigate to System Tools > Link Group To Role.
  2. Select Group: Find the group you want to modify (e.g., Accountant).
  3. Link Role: Click the Add (+) icon.
  4. Choose Buttons: You will see a list of every page and button in the system. Check the boxes for items the group should be allowed to use.
  5. Save: The changes take effect immediately for everyone in that group.

🚫 2. Taking Away Power (Delink Role)

If you decide that site staff should no longer be allowed to delete records:

  1. Under the “Delink Role” column, click the Delete/Trash icon for that group.
  2. Uncheck the “Delete” roles for the relevant modules.
  3. Save.

3. Creating New Groups βž•

You don’t have to use only the pre-set groups.

  • Use the Create Group button to make specialized sets like “Auditive Viewers” (who can see everything but edit nothing) or “Support Staff.”

4. Best Practices / Tips πŸ’‘

  • Module Sorting: When linking roles, filter by “Module Name” so you can easily assign all “Finance” roles at once without getting lost in other settings.
  • The View-Only Group: Always maintain a “Viewer” group that has only “Details” and “Index” roles checked. This is perfect for committee members who want to monitor work without accidentally changing data.
  • Test Your Groups: After setting up a new group, log in with a test user assigned to that group to ensure they don’t see buttons they shouldn’t.
  • Audit Requirement: If your society undergoes a security audit, this is the report you use to prove that “User Segregation of Duties” is active and enforced.