Document number	Revision
DOCU12360	2

Supplier Security

Supplier Security BackgroundIntroductionBaseType securityColumn securityRoles

Background

In this article, you will learn about how default security is handled for Suppliers in Highstage.

Introduction

Note: Security in Highstage is highly customizable. This article introduces you to the default Supplier security configuration.

For Suppliers in Highstage, two concepts of security is introduced. General access to see, modify and create items in Highstage is specified through Basetype security. As an additional layer of security, Column security specifies the security associated with each individual column on an item in Highstage:

These concepts are dependent on each others and is evaluated as a layered structure. Basetype security is initially evaluated, and only if the user have access to the basetype, the security for the specific column is evaluated through column security:

A number of Roles are associated with Suppliers. Being assigned to a specific role grants a user a specific privileges' or responsibility on the specific item. This document explain the roles which is default bundled with Highstage and their relation to column security.

BaseType security

Basetype security must be set to enable users to view, modify or create Suppliers in Highstage.

The following table gives you an overview of the basetype columns that permits users or user groups to view, create or modify Suppliers in Highstage:

Column	Description
TrustRead	All `Users` and/or `User groups` listed has permission to see all existing Suppliers.
TrustCreate	All `Users` and/or `User groups` listed has permission to create new Suppliers.
TrustModify	All `Users` and/or `User groups` listed has permission to modify existing Suppliers.

ADMINISTRATOR NOTE: Basetype security can be applied by navigating to SYSTEM > Types > Basetypes in the side navigation menu.

Column security

Column security refers to the responsibilities and permissions that are granted to users for each Supplier. These capabilities are granted through specific Roles which are associated with each individual Supplier.

The following table gives you an overview of the default columns and the required roles to view and/or modify them:

Column	Manager	Teammember	Trustee	Superuser ¹
active	`Read` / `Write`	`Read`	`Read`	`Read`
address	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
city	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
class	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
company	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
contact	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
country	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
email	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
entity	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
fax	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
ip	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
isworkspace	`Read` / `Write`	`Read`	`Read`	`Read`
manager	`Read` / `Write`	`Read`	`Read`	`Read`
name	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
note	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
obj	`Read`	`Read`	`Read`	`Read`
objtype	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
phone	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
postalcode	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
priority	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
teammembers	`Read` / `Write`	`Read`	`Read`	`Read`
trustcreate	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
trustees	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
url	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`
workspace	`Read` / `Write`	`Read` / `Write`	`Read`	`Write`

Roles

A Role in Highstage refers to the assigned responsibility or privilege that determines a users' permissions to view, create or modify contents in Highstage:

For any Supplier in Highstage, the following roles exists:

Role	Description	Permissions	Required	Note
`Manager`	Ability to see and change any column and assign additional `teammembers` and `trustees`.	Can `read` and `modify` any existing column and are allowed to assign `manager` to another Highstage user.	❌	Only one single user can be assigned as `manager` on each Supplier at a time. If no `Manager` is specified, modifications to the Supplier requires administrator privileges'. Default `Manager` is set as the user who created the Supplier.
`TeamMember`	Ability to see and change any column but the `manager`. Can assign additional `trustees`.	Can `read` and `modify` any existing column but is not allowed to modify the existing `manager`.	❌	Any number of users and user groups can be assigned as `teammember`.
`Trustee`	Ability to see all Supplier information.	Has `read` permissions, but cannot make any changes to the `Supplier`.	❌	Any number of users and user groups can be assigned as `trustee`.
`SuperUser`	Ability to change any column but the `manager`. Can assign additional `trustees`.	Can `modify` any existing column but is not allowed to modify the existing `manager`.	❌	A `SuperUser` is not assigned to a Supplier but is granted through the selected user level. A `SuperUser` still requires `read` capabilities by being assigned as a `Manager`, `TeamMember` or `Trustee` to be able to make modifications.

highstage_footer

1 A SuperUser has the same Write permissions as a TeamMember. A SuperUser, however, still needs to be listed as a Manager, teammember or trustee to gain Read access to permit modifications to an existing Supplier. ↩