Security
Permissions & Access Control
IM's three-tier permission model: menu access, button actions, and field-level control
Permission Tiers
IM implements three distinct levels of access control. All permissions are assigned to roles, and roles are assigned to users.
1. Menu Permission
Controls which menus an operator can see in the navigation. Permissions exist at both parent-menu and child-menu levels independently.
2. Button Permission
Controls which action buttons are visible and usable within a module.
3. Input Parameter Permission
Fine-grained control over which query/filter fields an operator can use. Each input field can be independently permitted or restricted.
Decryption Permissions
Three fields are always stored encrypted. To view their real values, operators need a specific per-field decryption permission:
- Mobile Number
- Email Address
- IPTV Password
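The three tiers and the per-field decryption permission, as an added sketch that is not IM's own code: it enforces button and input-field checks on the server side and masks the encrypted fields unless the role grants decryption. The `Role` and `Operator` classes, the field key names, the union-of-roles rule, the mask string and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass

# The three fields the page lists as always stored encrypted (key names assumed).
ENCRYPTED_FIELDS = frozenset({"mobile_number", "email_address", "iptv_password"})

@dataclass(frozen=True)
class Role:
    name: str
    menus: frozenset = frozenset()    # tier 1: parent and child menus, granted independently
    buttons: frozenset = frozenset()  # tier 2: (menu, action) pairs
    inputs: frozenset = frozenset()   # tier 3: (menu, query field) pairs
    decrypt: frozenset = frozenset()  # per-field decryption permissions

class Operator:
    """Effective permissions are the union of the assigned roles (assumption)."""
    def __init__(self, *roles):
        self.menus = frozenset().union(*(r.menus for r in roles))
        self.buttons = frozenset().union(*(r.buttons for r in roles))
        self.inputs = frozenset().union(*(r.inputs for r in roles))
        self.decrypt = frozenset().union(*(r.decrypt for r in roles))

    def can_press(self, menu, action):
        # Assumption: a button is usable only when its menu is also granted.
        return menu in self.menus and (menu, action) in self.buttons

    def check_query(self, menu, params):
        """Reject the whole query if any filter field is not permitted."""
        if menu not in self.menus:
            raise PermissionError(f"menu not permitted: {menu}")
        denied = sorted(k for k in params if (menu, k) not in self.inputs)
        if denied:
            raise PermissionError(f"input fields not permitted: {denied}")
        return dict(params)

    def view(self, record):
        """Copy of the record with encrypted fields masked unless decrypt is granted."""
        return {k: (v if k not in ENCRYPTED_FIELDS or k in self.decrypt else "******")
                for k, v in record.items()}

# Constructed sample roles and record, loosely following the role guidelines.
NOC_L1 = Role("NOC Operator (Level 1)",
              menus=frozenset({"Service Mgmt", "Service Mgmt/Customer"}),
              inputs=frozenset({("Service Mgmt/Customer", "customer_id")}))
SUPERVISOR = Role("Supervisor", menus=NOC_L1.menus,
                  inputs=NOC_L1.inputs | {("Service Mgmt/Customer", "mobile_number")},
                  decrypt=frozenset({"mobile_number", "email_address"}))
RECORD = {"customer_id": "C-1001", "mobile_number": "555-0100",
          "email_address": "user@example.com", "iptv_password": "example-only"}
```

Hiding a button or field in the UI is not enough on its own; the same checks need to run where the request is processed, which is what `can_press` and `check_query` stand in for here.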
Permission Matrix by Module
| Module | Menu | Buttons | Input Fields | Decrypt |
|---|---|---|---|---|
| โ | User Management | Create, Modify, Delete | โ | โ |
| โ | Organization Management | Create, Modify, Delete | โ | โ |
| โ | Role Management | Create, Modify, Delete, Role Auth, Batch User Auth | โ | โ |
| โ | Resource Management | Create, Modify, Delete | โ | โ |
| โ | WO Management | (query only) | โ | โ |
| โ | Customer (Service Mgmt) | Create, Modify, Delete | โ | โ |
| โ | Customer Service (Service Mgmt) | Create, Modify, Delete | โ | โ |
| โ | Log Management | (query only) | โ | โ |
Role Design Guidelines
Design roles by job function
- IT Administrator: Full access including Add/Modify/Delete on all resources
- NOC Operator (Level 1): Query-only access to WO and Service Mgmt, no resource modification
- NOC Operator (Level 2): Query + export, limited modification, no delete
- Supervisor: Full query + decrypt permissions, view-only on system mgmt
- System Admin: Full access to User/Role/Org management only