Appendix C: Permissions
Prism includes a built-in role-based access control system in which various permissions are assigned to groups (e.g. Managers, POS) and then individual employees are assigned to groups. Each employee inherits the permissions for the group to which it is assigned. Here's how Prism applies security permissions: Each user must log in to Prism. As the user navigates through the program, Prism checks the user's group assignments. If the user does not belong to a group with the required permission for a specific action, the interface element (e.g. button) necessary for the task is either hidden/disabled, or the user will see a pop-up when trying to perform the task. Depending on how permissions are configured, a user may see a prompt explaining that an "override" user (e.g. a manager) must log in first to complete the task.
Edit Group Permissions
To assign permissions to groups in Prism, navigate to the Store Operations > Employees > Group Management area. You can search for an existing employee group or add a new group.
Sample Prism Group Permissions
Configuring Group Security Permissions
When you access Group Management, a screen for filtering/searching for groups is displayed.
- Click the drop-down to select a lookup field. You can type a group name or part of a group name. By default, the search will look for records that have text that equals the search criteria. You can use a different operator, if desired, such as Not Equals, Contains, isEmpty, or isNotEmpty.
- Click the Search button on the bottom of the screen to start the Search. The results are filtered to match the entered criteria. The Total Records element shows how many records were returned by the Search. To display all groups, don't enter any filter criteria. Instead, just click the Search button.
- Select the group whose permissions you want to edit by clicking the check mark on the left column.
- Click the Details button. The Group Details is split into two panes. One pane is for editing the Group Name and Description. Another pane is for editing the Group Permissions.
- Click the Edit button on the bottom toolbar.
- In the Permissions area, select the appropriate radio button for each permissions you want to Allow, Deny, or apply Override. Use the Allow All, Deny All, or Override All buttons as needed. When finished, save the changes.
The list of permissions is grouped by area. To find a permission, you can scroll the list, or type all or part of the permission name in the Search field at the top of the list. When you type a permission name in the Search box, it lists the matching permission so you can find it more easily.
If the employee does not belong to a group with the required permission, a check is made of the "override" permission. If the user belongs to a group assigned the override permission, a login dialog is displayed so that a manager or other user with sufficient rights can log in. After the task is complete, the original user must log back in. Multiple overrides are not allowed. For example, if an override is made to allow a NEW transaction to be created, a second override is needed to allow discounts to be applied. Only the last override attempt will be recorded.
Note: The Override permission is available for most, but not all permissions.
Log Override checkbox
A user can enable Log Override for any permission that is set to Override. Each time an override occurs for a permission that is configured to Log Override, the date/time, the permission and both users involved will be recorded to an audit_override_log table. Note: If the permission is not set to Override, checking the Log Override checkbox has no effect.