Sometimes it is needed to allow company manager to view data only for particular customer(s). This data may include customer's data, projects, jobs, invoices, and other information which can be clearly associated with particular customer.
Security system implemented in BaccS allows to solve this task by correct configuration of user roles. It will be needed to create as many roles as the number of users who needs to get access only to data of individual customers.
Security system allows access to an entity only when this access is granted in ALL roles assigned with a user. This means that you will need to create a general role applied to all managers, which will allow them to access all data, and then create individual roles which will deny access to all customers, projects, jobs, assignments, invoices and payments, which are not associated with specified customer or customers.
Say, you already have Manager role, which allows managers to view all necessary data. Now the task is to create additional "slice" of security which will add additional restrictions to existing role and allow user to view only data associated with specified customers. Create a new role, set its name, and use Set customer(s) allowed to access by this role button:
Select customer in the popup window and click OK. Switch to Type permissions table to view results of operation:
Six objects has been added to the table. Double click on any to view its details, and switch to Object permissions table (this table allows to control access on entity level):
You can see that this role denies access to all jobs where customer is not Euro-Soft and not Tomorrow Solutions. The same rules are created for lists of customers, projects, invoices, assignments and payments. From now, user with this role assigned will be able to view only jobs (and other 5 entity types) for these two customers.
You are free to edit entities created automatically. For example, you can manually add another customer in future.