Updated: October 13, 2021 1:19pm

Employee Groups Overview

Prism uses a role-based security system in which users create groups that represent key roles in the company (e.g., Manager, Associate, Buyer) and then assign individual employees to one or more groups. The employee inherits the permissions assigned to the group. Via group permission assignments, you can easily control employee access to specific Prism features and areas. This helps retailers meet the important security principle of least-privilege in which users are granted access to only those program areas and features necessary to do the user's job.
You can assign "override" permissions for key tasks. This allows a manager to log in so that the task, which is normally off-limits to the employee, can be completed when needed. When a user tries to perform a task controlled by the permission marked for override, a dialog is displayed so a manager or other user with higher privileges can log in. As soon as the task completes, the override user is automatically logged out.
Users can create as many groups as needed.
For each group, you can:

  • Select the employees who are group members
  • Select the permissions that group members are allowed to use (default = deny)

If an employee belongs to more than one group, the employee inherits the higher privilege. For example, if a user belongs to Group A that has the "POS - Return Item" permission set to allow, and Group B that has the same permission set to deny, then the higher privileges of Group A are applied and the user will be allowed to return items.
When you first install Prism, a single default employee group called the Administrator group is created. The default Prism Administrator group enables users to log in to Prism and initialize the system.
When you initialize Prism, employee groups are copied from the POA to the new server. You will then have access to all the groups defined in POA. The default Administrator group created during the initial install is overwritten during initialization. After you initialize Prism, go into Employee Groups and confirm that the groups defined at the POA were copied correctly to the Prism server.
Each employee must be assigned to at least one group and can be assigned to more than one group if the employee's role in the company warrants it. Add or remove employees from groups by editing the employee's record.