Tables


SchemaSpy Analysis of mscmp_syst_perms.ms_syst

Generated on Fri Jan 19 05:40 PST 2024

XML Representation
Insertion Order Deletion Order
TABLES 0
VIEWS 4
COLUMNS 58
Constraints 0
Anomalies 0
Routines 13

Database Properties

Database Type: PostgreSQL - 16.1 (Ubuntu 16.1-1.pgdg22.04+1)

Catalog mscmp_syst_perms

Copyright © Lima Buttgereit Holdings LLC d/b/a Muse Systems

This database software and documentation is licensed to you under the terms of the Muse Systems Business Management System License Agreement v1.1 or other written, superseding license that you have obtained from Muse Systems.

Only Muse Systems may license this software to you. Your continued use of this software indicates your agreement to abide by the applicable license terms.

This database may include content copyrighted by and licensed from third parties.

Please see the license or contact us for more information.

muse.information@musesystems.com :: https://muse.systems

Schema ms_syst

Public API for system management oriented data access and operations.

This schema contains procedures, functions, and views suitable for access by applications and integration tools.

Tables

Table / View Children Parents Columns Type Comments
syst_perms 0 0 18 View

Defines the available system and application permissions which can be assigned to users.

The Permission is divided into the following concepts:

  1. The Permission record itself defines a subject for which application security and control concerns exist.

  2. Each Permission is made up of standard Rights. These Rights are:

    • View - the ability to view data.

    • Maintenance - the ability to change or process existing data.

    • Administration - the ability to create or destroy data.

    • Operations - the ability to perform certain operations or processes.

  3. The Right for each Permission is assigned a Scope of applicability which can limit or extend the grant of a Right. Each Right of the Permission may define which Scopes it supports out of the following possibilities:

    • Unused - The Right does not exist in any meaningful way for the Permission.

    • Deny - The Right is not granted by the Permission grant; this is typically used in cases where other Rights may be granted, for example permitting a user to see a value (View Right), but not to Maintain or perform data Admin tasks (Maint & Admin Rights).

    • Same User - The Right grant is limited in Scope to those records which are in some way designated as belonging to the specific user exercising the Right. Ownership designation will be defined by those functions where a Permission is checked.

    • Same Group - The Right grant is limited in Scope to those records which are in some way designated as belonging to a specific group or groups and to which the user belongs in some way. Ownership designation will be defined by those functions where a Permission is checked.

    • All - The Right grant is not limited in Scope and all records which are subject to the Permission are available to the user.

Permissions are assigned to Permission Roles which are in turn granted to individual users. If a Permission is not assigned to a Permission Role, then the assumption is that the Permission Role’s users are denied all rights granted by the unassigned Permission.

Some Permissions may be dependent on the grants of other more fundamental Permissions. For example, a user may be granted only View Rights to the sales order form, but also granted Maintenance Rights to sales pricing data. In such a case the sales order Rights would dictate that the user does not have the ability to maintain sales pricing in the sales order context.

Specific details of applicability and the determination of Scope boundaries will vary by each specific scenario. Consult individual Permission documentation for specific understanding of how determinations of access are made.

User Defined Record Supported Operations

  • INSERT
  • SELECT
  • UPDATE
  • DELETE

System Defined Record Supported Operations

  • SELECT
  • UPDATE - See column comments for applicable restrictions.
syst_perm_functional_types 0 0 12 View

Defines application specific areas of applicability to which Permissions and Permission Roles are assigned.

When an application defines varying areas of business controls, Permission Functional Types can be used to group Permissions into their specific areas and limit usage and role assignment by area. Consider an application which supports multiple warehouses containing inventory. The application may define globally applicable Permissions such as the ability to log into the application, but may allow employees to be granted varying degrees of Permission to each individual warehouse’s inventory management features. In this case there would be “Global” Permission Functional Type containing the log in Permission and a “Warehouse” Permission Functional Type for those Permissions and Permission Roles which can vary warehouse by warehouse.

General Usage

Both Permissions and Permission Roles must share a Permission Functional Type since the Permission Functional Type establishes the context of applicability for both.

System Defined Record Supported Operations

  • SELECT
  • UPDATE - See column comments for applicable restrictions.
syst_perm_role_grants 0 0 14 View

Establishes the individual permissions which are granted by the given permission role.

General Usage

Note that the absence of an explicit permission grant to a role is an implicit denial of that permission.

User Defined Record Supported Operations

  • INSERT
  • SELECT
  • UPDATE
  • DELETE

System Defined Record Supported Operations

  • SELECT
syst_perm_roles 0 0 14 View

Defines collections of permissions which are then assignable to users.

User Defined Record Supported Operations

  • INSERT
  • SELECT
  • UPDATE
  • DELETE

System Defined Record Supported Operations

  • SELECT
  • UPDATE - See column comments for applicable restrictions.