You are here: Home / Extras / Settings / User / User details / Rights

Settings

Rights

General

Which addresses, properties or tasks may/should which user see?

Not every user should always see everything, therefore in onOffice enterprise edition you can set the access rights of the users – on the one hand via user rights in general and on the other hand individually per data record. The rights per record overwrite the user rights.

Of course, only users who have the appropriate user rights may restrict or extend the rights.

User rights

In the user rights , you define for each user which rights he or she has for certain modules (e.g. addresses) or areas (e.g. reading emails in activities).
Usually you can choose between the rights “All / Office group / only own / none”. Office group is only available with the Groupsadd-on module.

This assignment of rights can be distributed even more finely, e.g. via extended rights a user can have access to the properties of user XY in addition to his own properties.

Rights per record

In almost all data sets you can call up the data set rights via the action bar (usually Action bar >> Other actions) and extend or restrict the rights for users / groups.

Rights management

The rights can be fine-tuned, and setting up or adjusting the different rights for each user can be very time-consuming.

We therefore recommend that user rights are managed and assigned using rights templates , groups are also a way of structuring rights. This allows changes to rights to be made quickly and easily.

In general, individual rights per data record are assigned, making rights management difficult and should only be done in individual cases

The rights per data set for several data sets is possible via a mass update , please plan this carefully.

In addition, there is the simple rights management, which is missing the lock symbol in the upper right corner of the individual categories. No rights on record levels are possible here and no extended user rights. A short description of the simple rights management contains only the user rights that are different.  

Below you will find details about the extended user rights, the rights per record and then the list of categories of user rights with a short description.

Extended rights in the “Rights” tab of a user

The basic rights that are assigned in the selection field always refer to the maintainer of the data set. Possible depending on the scope of your additional modules: None, own, office group, regional group, all. With the assignment of extended rights via the lock symbol, the level “individual” is added.

The lock icon opens the popup of extended rights.

The popup with the extended rights opens. This lists all users and groups that are available. You can now assign read and write rights. A change of rights is indicated by a star symbol after saving. Click on the star symbol to undo the change.

Example: The user “Max Adam” is only allowed to see his own addresses, that means only addresses where he is registered as a caretaker. Via the record right it can now be defined in the user rights that he is additionally allowed to see the addresses of the user “Gabi Fröhlich”. In total, he can see and open all address data records in which either he himself or user “Gabi Fröhlich” is specified as the maintainer.

Via Action Bar >> All ind. Delete record rights, an administrator can reset all changed record rights in the individual records. This means that all data records (addresses, property …) are checked and any record rights set for the current user are deleted. Only record permissions are deleted and no permissions in the tab Permissions of the user

Extended rights in a record

Assign rights

In a single record – the supervisor is user 3 – the extended rights can also be used to assign specific rights for individual users or groups. The extended rights are assigned via Action bar >> Further actions >> Record rights or if you use dataset rights stamps via Action bar >> Further actions >> Record rights >> Individual.

The popup with the extended rights opens. It lists all users and groups that exist. You can now assign read and write rights. A change of rights is indicated by a star symbol after saving. Click on the star symbol to undo the change.

Example: The user “Max Adam” is a member of the group “Aachen” and the maintainer of the address record. In addition, he is also granted read rights to the address data records of the “commercial property” group.

Display and change existing rights

You can control which rights are assigned or effective for the individual data record. To do this, open the data set and select Action bar >> Other actions >> Data set rights. In the popup, select the desired user and you will be shown which rights are available for him/her in the data record. If the general user rights for this record have been changed via the record rights, an asterisk is displayed at this point. Click on the star symbol to undo the change.
Please do not forget to save.

Record right stamp

With the record rights stamp, you can set a specific rights constellation in different records via the popup for record rights.

This is possible at all places where the record rights stamp appears in the record rights popup or where a drop-down menu with the existing record rights stamps appears in the action bar entry for the record rights.

Record privilege stamps are available only for users with the User right “Extend and Restrict Record Privileges”.

Create and manage record right stamps

Record permission stamps are created and managed in the Record Permissions popup. A separate list of stamps is kept for each user.

You can save the currently available rights selection in a stamp by entering a name in the field and clicking on the diskette Save button in the toolbar symbol to save it.

When you select a stamp, you can change the rights set and save the stamp again, or delete it using the trashcan Trashcan symbol icon.

When a stamp is selected, the corresponding rights settings are entered in the popup, but are not yet saved.

Apply record right stamps

Applying the dataset right stamp is possible in 2 places.

In the record rights popup select the desired stamp and save the new settings with the Save button. After reopening the record rights popup again, the set rights and the star  symbol are displayed with the changed rights.

The other place is directly in the record itself via the entry in the action bar, usually Action Bar >> More Actions >> Record Rights >> Stamp Name.

There the entry “Record rights” is extended by the list of existing stamps. You can select and set a stamp directly.

A record right stamp only sets exactly the rights specified there for the users and groups present in the stamp, all other users / groups are deprived of their rights. 
This means that even after a change of group, a user still has the rights assigned to him.

Attention, a set record right stamp cannot simply be undone.

You have to remove all individual entries by the stamp, i.e. click on all star symbols for all users.

Mass update of the record rights

You can also change the record permissions for multiple records, see herefor instructions.

User template

User templates offer a possibility to assign a set of predefined rights for the different user roles instead of assigning them manually.

Hint:

ATTENTION: If you remove a user from a template, the authorizations of the template are transferred to the user. Afterwards you have to check all rights settings and adapt them to the new situation!

You can create, change and edit user templates under the following link.

Allocation of rights to office and regional group

If you use the Groups module and the user is in an office group that belongs to a region group, you can set for this user in most selectors whether he is allowed to view the data of the office or region group. If you have set ‘region group’ for some rights and remove the office group from the region group, the rights are downgraded to ‘office group’.

List of the rights of a user

Address management

In the rights administration for the address administration you can set which addresses you are allowed to read, write or delete. You will also find some additional settings for the address management, e.g. whether the customer number should be editable.


property tracking

 

Search criteria

In the rights settings for the search criteria, you can select the search criteria for which you have read, write and delete rights.

If the field “Read/write permission on existing search criteria in own data records” is activated, the other permission settings for the search criteria are ignored for address data records on which the corresponding user is the maintainer himself and he always has read and write permission there.

The right “Creation of new search criteria without write permission to the address” also allows to create search criteria in addresses to which the user has no write permission.


Task management

In the rights settings for the task management you can choose which tasks you are allowed to read and whether you are allowed to delete individual tasks.

 

Project management

In the rights settings for the project management you can choose which read, write and delete rights you want to set for projects. So you can choose whether you or the user for whom you are editing the rights may only edit your own projects or all of them.


Follow-ups

Define which resubmissions a user may see.

 

Schedule management

In this rights setting you can choose which appointments are visible for you or the user you are editing and whether you are allowed to create your own appointments. You can also decide which events can be edited and whether the tracking of the event can be viewed.

Working time recording

In the category Working Time Recording you can set whether the user is allowed to view and set the working time recording of other users.

Furthermore, it can be determined whether the user has the right to enter or delete a company holiday, or to edit or delete holidays of other users.

The “View working time status” permission controls whether the user can view the “Working time status” item in the “Statistics” menu. Information about the current work and working hours of all users can be viewed there, such as start of work, break, current appointments and tasks.

With the selector “Visible working times” you can set which working times are visible for the user.

Record rights

Who is allowed to view or change the record rights? This is regulated by the user rights category “Record Rights”.

Internal services (with costs)

Here you have the possibility to define for each user whether he is allowed to use the credit (for floor plans, SMS) via the general account, or whether he should create a separate account for his user. This is set to client account by default. Further information on how to create a user account for the user can be found here.

Marketplace – external services (with costs)

In this category, you can define which marketplace account (client/group/user account) is used to bill the services of the different providers. In addition, you can set which providers the user is allowed to use.

Setting the billing account for the Marketplace, as well as activating various providers.

Employee statistics

For the employee statistics/statistics , you can define here whether only your own, the office group’s or all of them may/may be viewed.

Statistics

  • Option “Visible statistics”
    Statistics evaluate the records to which the user has access. Here you define which data records the user may use for the evaluation. In addition, the user must also have read rights to the individual data records.
  • Option “Manage widget configuration”
    This defines for whom the user can create statistics templates.
  • Option “Assigned Configuration”
    This selector allows you to assign the statistics module configurations you have stored to the selected user. This is displayed in the first tab.

Logging/Statistics

In this category you can define which last viewed records the user can view. Normally it is set that the user can only view his own records. Additionally, the records of the office/regional group and all of them are available.

User settings Logging/Statistics

Description of rights

Here you have the possibility to give an explanation for which reason the user has been assigned the corresponding rights.

Invoice

Set the user rights for the billing module here. The article management can be switched on and off, as well as the authorization for archiving documents. Read and write permissions can be assigned to bookings and vouchers.

Read and write rights for vouchers and bookings also apply to the corresponding voucher and booking activities in the brokerage book and addresses. If “no right” is selected, the comment and price are hidden when the activities are displayed.

“Release Invoices”

Via “Release invoices” the user is able to release addresses for invoicing in the category “Invoice” (tab “Basic data”). Without this right, the field “Release invoice” is blocked and in addition, when a user with this right changes invoice-relevant data, no task is assigned to the group / user entered in the basic settings (“Invoice” tab) under “Responsibility invoice release”.

 


property

Brokers’ book/activities

Next to the view of the entries, determine if and when the user may delete or change the entries. Likewise, the read rights for “emails in activities” can be set.

With “Activities mass update” you can create entries for several data records in the property search / interested parties .

 

Word/Email templates/files

Provide the user with the template administration here.

Further modules

Define here whether the user may use the other modules or not. In the case of Messenger, you can also specify whether the user is allowed to delete conversations. If you have enabled the sync function, you will find an explanationhere.

 

Export / Print lists

Specify here whether the user is allowed to perform exports and print files. If the right to print lists is not granted, the user can still print his appointments.


Credit-related rights

Define here what the user may use the credit provided to him for.

Process Manager

Here you can define which rights the user has for processes. You can individually verify starting, drafting, canceling, and skipping. In addition, you can set whether the selected user is also allowed to read and write processes of other users. If the right “only own” is set, processes can also be edited which are the responsibility of the user’s group.


Web page modules

Specify here which web page modules the user may use.


smart site 2.0

Specify here whether the user in smart site 2.0 can read all pages or only those created by him.

 

Dashboard

Here you can find the user rights for the dashboard.

Using the selector behind ‘Assigned Configuration’, you can distribute your pre-defined dashboard configurations to the user. If “Active on entry” is checked, this configration will be displayed after logging in to onOffice enterprise.

“Configure Dashboard” determines whether or not the user is allowed to configure their dashboard. If the checkbox is not checked here, the edit icon is missing on the dashboard and the user can neither add nor remove widgets. The widgets themselves, e.g. for which mailbox the email widget should display the unread mails, can still be configured by the user.

“Configure Statistics” is the equivalent setting for dashboard tabs of type “Statistics”.

Via “Manage Configurations” you determine whether the user has the right to manage dashboard configurations under “Dashboard >> Configuration”. These can be distributed to other users via “assigned configuration”.

“Visible statistics” controls whether only your own, the office group’s or all statistics may be seen.

Via “Manage statistics templates” you determine whose statistics templates the user is allowed to manage.

 

Administrative rights

The administrator right is the most important right of all. With this right the user can set his own rights without restriction. Only grant this right to employees you trust.

You can also assign additional individual administrative permissions to the user, such as full portal synchronization.

With the right “May activate the onOffice support user” you can control which of your users may activate the support via the ? menu or via a link in an email.