Access Control
MeetBit prioritizes access control, leading to the implementation of a complex system. This section will provide insight into its four (4) main concepts: Role-based permissions, Departments, Direct permissions, and Side Effects.
Role-Based Permissions
Role-based permissions are the permissions that a User inherits through their Role. These provide the ability to perform certain actions on certain types of resource objects. An example of this is the permission to "read all Users", or "create all Meeting Links". This type of permission is limited by the User's Department and expanded by direct permissions.
Departments
Departments limit Role-based permissions: a User's access is restricted to the resource objects owned by that User's Department. For example, if a User's Role allows them to "read Forms", they can only read Forms owned by their Department.
Global Department
The Global Department is exceptional in that Users within it have access to all resources within the Workspace. Consequently, a User from the Global Department with a Role permitting them to read Meeting Links can access all Meeting Links across all Departments.
Essentially, the Global Department is designated for "Super Admins" or Users tasked with providing support or exercising control across all Departments.
The following features are restricted to Users of the Global Department:
Departments
Roles
Activities
Domains
Branding
Legal Information
Settings
Contracts
Invoices
Usage
Providers
Non-Departmental Resource Objects
Some resource objects are not owned by one particular Department nor are they restricted to the Global Department. These resource objects can be accessed by any User with a Role that allows them to do so.
These resource objects include:
Notifications
Direct Permissions
An exception to the concepts explained above is when Users receive direct permissions to resources. This happens in multiple instances and allows Users to continue interacting with a specific resource object even if they are transferred to a different Department.
Direct permissions are provided in the following instances:
Direct permissions supersede the above concepts (Role-based & Departmental permissions) and remain unaffected even if the User's Role or Department changes. These permissions are only revoked if the specific permission is reversed, for example when the User is no longer designated as a Representative of a Meeting Link.
You can view the Direct Permissions granted to a User, as well as the permissions inherited from their Role, on their User page.
Side Effects
The above concepts also influence the functionality of other features, often unrelated to each other. This is because a User's ability to select options is likewise constrained by these concepts.
For example, even when a User's Role allows them to read Performances, they can only view Performances for the Meeting Links, Forms, and Events accessible to them according to their Role-based permissions, Department, and Direct permissions.
For a more concrete example, consider the following:
User A belongs to Department B with Role C.
Role C only allows Users to read all Meeting Links and read Performances.
User A has direct permissions to read Meeting Link D which belongs to the Global Department.
When User A opens the Performance page, the following is true:
They can generate performance charts of all Meeting Links belonging to Department B.
These charts do not include data from other Departments.
They can generate performance charts for Meeting Link D.
They cannot generate charts for Forms or Events.
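The User A scenario above can be expressed as a small access check. This is an added illustration, not MeetBit's own code: the names Resource, User, can, chartable and the sample resources (ML-B1, ML-X1, Form-B1, Event-B1) are constructed for the example, and the evaluation order (direct permission first, then Role, then Department) is an assumption drawn from the rules described on this page.

```python
from dataclasses import dataclass, field
from typing import Optional

GLOBAL = "Global"  # assumed identifier for the Global Department
CHARTABLE_KINDS = {"meeting_link", "form", "event"}

@dataclass(frozen=True)
class Resource:
    kind: str
    name: str
    department: Optional[str]  # None models a non-departmental resource

@dataclass
class User:
    department: str
    role_permissions: set                                 # {(action, kind)}
    direct_permissions: set = field(default_factory=set)  # {(action, name)}

def can(user, action, res):
    # Direct permissions supersede Role and Department.
    if (action, res.name) in user.direct_permissions:
        return True
    # Otherwise the Role must grant the action on this resource type...
    if (action, res.kind) not in user.role_permissions:
        return False
    # ...and the Department limits it, unless the User is in the Global Department.
    return res.department is None or user.department in (GLOBAL, res.department)

def chartable(user, resources):
    # Side effect: Performance charts are limited to resources the User can read.
    if ("read", "performance") not in user.role_permissions:
        return []
    return [r.name for r in resources
            if r.kind in CHARTABLE_KINDS and can(user, "read", r)]

# Constructed sample data mirroring the User A / Department B / Role C example.
RESOURCES = [
    Resource("meeting_link", "ML-B1", "B"),
    Resource("meeting_link", "ML-X1", "X"),
    Resource("meeting_link", "D", GLOBAL),
    Resource("form", "Form-B1", "B"),
    Resource("event", "Event-B1", "B"),
]
ROLE_C = {("read", "meeting_link"), ("read", "performance")}
USER_A = User("B", ROLE_C, {("read", "D")})

if __name__ == "__main__":
    print(chartable(USER_A, RESOURCES))  # ['ML-B1', 'D']
    USER_A.department = "X"              # transfer to another Department
    print(chartable(USER_A, RESOURCES))  # ['ML-X1', 'D']
```

The second call shows why direct permissions deserve review when a User changes Department: access to Meeting Link D survives the transfer until that specific permission is reversed.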