User Permissions in Custojo

Learn how to configure and manage user permissions and access control in Custojo

This tutorial will guide you through the process of configuring and managing user permissions in Custojo. Proper permission management is essential for maintaining security and ensuring that users have access to the features and data they need to perform their roles.

Secure Access Control

Learn how to implement a robust permission system that balances security with usability, ensuring that users can access what they need while protecting sensitive data and functionality.

Understanding Role-Based Access Control

Custojo uses a role-based access control (RBAC) system to manage permissions. This approach allows you to define roles with specific sets of permissions and then assign these roles to users.

Key Concepts

Roles

Predefined sets of permissions that can be assigned to users. Examples include Administrator, Manager, and User.

Permissions

Specific actions that can be performed within the system, such as viewing reports, editing user profiles, or managing system settings.

User Groups

Collections of users that can be managed together, making it easier to assign roles to multiple users at once.

Access Levels

Different levels of access to features and data, such as read-only, edit, or full control.

Creating and Managing Roles

Creating New Roles

To create a new role:

  1. Navigate to Administration → User Management → Roles.
  2. Click the Create New Role button.
  3. Enter a name and description for the role.
  4. Select the permissions to include in this role.
  5. Click Save to create the role.

Best Practices

  • Use descriptive names that clearly indicate the role's purpose.
  • Follow the principle of least privilege: only grant permissions that are necessary for the role.
  • Document the purpose and scope of each role for future reference.

Permission Levels and Types

Custojo offers various types of permissions that can be assigned to roles. Understanding these permission types is essential for creating effective roles.

Module Permissions

Control access to specific modules within Custojo, such as CRM, Accounting, or Project Management.

Feature Permissions

Control access to specific features within modules, such as creating invoices or viewing reports.

Data Permissions

Control access to specific data, such as customer information or financial records.

Action Permissions

Control the ability to perform specific actions, such as creating, editing, or deleting records.

Common Permission Levels

| Permission Level | Description | Typical Use Case |
|---|---|---|
| View Only | Can view but not modify data | Auditors, read-only users |
| Edit | Can view and modify data but not delete | Regular users, data entry staff |
| Create | Can create new records | Sales team, project managers |
| Delete | Can delete records | Managers, administrators |
| Full Control | Complete access to view, create, edit, and delete | System administrators |

Creating and Managing User Groups

User groups allow you to organize users and assign permissions more efficiently.

Working with User Groups

Creating User Groups

  1. Navigate to Administration → User Management → Groups.
  2. Click the Create New Group button.
  3. Enter a name and description for the group.
  4. Select users to include in the group.
  5. Click Save to create the group.

Assigning Roles to Groups

  1. Navigate to Administration → User Management → Groups.
  2. Select the group you want to assign roles to.
  3. Click the Edit icon.
  4. In the Roles section, select the roles you want to assign to the group.
  5. Click Save to apply the changes.

Group Management Best Practices

  • Create groups based on departments, teams, or functional roles.
  • Use descriptive names that clearly indicate the group's purpose.
  • Regularly review group memberships to ensure they remain accurate.
  • Consider using nested groups for complex organizational structures.

Setting Up Access Restrictions

In addition to role-based permissions, Custojo allows you to set up access restrictions based on various factors.

IP Restrictions

Limit access to specific IP addresses or ranges, ensuring that users can only access the system from approved locations.

Time-Based Restrictions

Limit access to specific times of day or days of the week, preventing access during non-business hours.

Device Restrictions

Limit access to approved devices, ensuring that users can only access the system from authorized devices.

Multi-Factor Authentication

Require additional authentication factors for sensitive operations or high-privilege accounts.

Setting Up IP Restrictions

  1. Navigate to Administration → Security → Access Restrictions.
  2. Click the IP Restrictions tab.
  3. Click Add IP Restriction.
  4. Enter the IP address or range to allow or block.
  5. Select whether to allow or block access from this IP.
  6. Specify which users or groups this restriction applies to.
  7. Click Save to apply the restriction.
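
Before entering a rule set in the steps above, it helps to check it offline against a few known addresses. The following is an added example, not Custojo code: the rule layout, the principal names, and the precedence (a matching block wins, and an allow rule turns the scope into an allow-list) are assumptions, because this page does not document how Custojo resolves overlapping rules.

```python
import ipaddress

# Constructed rule set mirroring the fields entered in the steps above.
# Addresses are documentation ranges (RFC 5737); principal names are hypothetical.
RULES = [
    {"net": "203.0.113.0/24", "action": "allow", "applies_to": {"group:Finance"}},
    {"net": "203.0.113.77/32", "action": "block", "applies_to": {"group:Finance"}},
    {"net": "198.51.100.10", "action": "allow", "applies_to": {"user:admin"}},
]


def lint(rules, min_prefix=16):
    """Flag entries that are malformed or, for allow rules, wider than min_prefix."""
    problems = []
    for r in rules:
        try:
            # strict=True rejects ranges with host bits set, e.g. 203.0.113.5/24
            net = ipaddress.ip_network(r["net"], strict=True)
        except ValueError as exc:
            problems.append((r["net"], f"invalid: {exc}"))
            continue
        if r["action"] == "allow" and net.version == 4 and net.prefixlen < min_prefix:
            problems.append((r["net"], f"allow range wider than /{min_prefix}"))
    return problems


def decide(client_ip, principals, rules=RULES):
    """Return 'allow' or 'block' for a client address and its user/group names.

    Assumed policy: a matching block rule wins; if any allow rule is scoped to
    the principal, only the listed networks pass; principals with no rules at
    all are unrestricted.
    """
    ip = ipaddress.ip_address(client_ip)
    scoped = [r for r in rules if r["applies_to"] & principals]
    matches = [r for r in scoped if ip in ipaddress.ip_network(r["net"], strict=True)]
    if any(r["action"] == "block" for r in matches):
        return "block"
    if any(r["action"] == "allow" for r in scoped):
        return "allow" if any(r["action"] == "allow" for r in matches) else "block"
    return "allow"


if __name__ == "__main__":
    print(lint(RULES))
    for addr in ("203.0.113.5", "203.0.113.77", "192.0.2.9"):
        print(addr, decide(addr, {"user:bob", "group:Finance"}))
```

Run `lint` first: `decide` raises on a malformed range rather than silently skipping it.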

Permission Auditing and Monitoring

Regularly auditing and monitoring permissions is essential for maintaining security and compliance.

Auditing User Permissions

Generating Permission Reports

  1. Navigate to Administration → Reports → Permission Reports.
  2. Select the type of report you want to generate (e.g., User Permissions, Role Assignments).
  3. Specify any filters or parameters for the report.
  4. Click Generate Report.
  5. Review the report and export it if needed.

Monitoring Permission Changes

Custojo logs all changes to permissions, roles, and user assignments. To view these logs:

  1. Navigate to Administration → Logs → Security Logs.
  2. Filter the logs to show permission-related events.
  3. Review the logs to identify any unauthorized or suspicious changes.

Regular Auditing Schedule

Implement a regular schedule for auditing permissions:

  • Monthly: Review new user accounts and role assignments.
  • Quarterly: Audit all role definitions and group memberships.
  • Annually: Comprehensive review of all permissions and access controls.
  • After major organizational changes: Review and update permissions as needed.

Best Practices for Permission Management

Principle of Least Privilege

Grant users only the permissions they need to perform their job functions, and no more.

Regular Reviews

Regularly review and audit permissions to ensure they remain appropriate and necessary.

Role Standardization

Standardize roles across the organization to ensure consistency and reduce complexity.

Documentation

Document all roles, permissions, and access controls for reference and compliance purposes.

Separation of Duties

Implement separation of duties to prevent any single user from having excessive control.

Emergency Access

Establish procedures for emergency access to critical systems when normal access methods are unavailable.

Troubleshooting Permission Issues

Common Permission Problems and Solutions

Problem: User cannot access a feature they should have access to

Possible Causes:

  • Missing role assignment
  • Role missing required permission
  • Access restriction in place

Solutions:

  • Verify user's role assignments
  • Check role permissions
  • Check for access restrictions

Problem: User has access to features they shouldn't

Possible Causes:

  • Incorrect role assignment
  • Role with excessive permissions
  • Inherited permissions from groups

Solutions:

  • Review and adjust role assignments
  • Refine role permissions
  • Check group memberships

Problem: Permission changes not taking effect

Possible Causes:

  • Caching issues
  • User still logged in
  • System error

Solutions:

  • Have user log out and back in
  • Clear system cache
  • Check error logs

Pro Tip: When troubleshooting permission issues, start by checking the user's role assignments and the permissions included in those roles. Most permission problems stem from incorrect role assignments or role definitions.
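
When a user holds a permission they should not have, the useful question is which assignment grants it: a direct role, a group, or a parent of a nested group. The following is an added example, not Custojo code, that resolves effective permissions and reports each granting path. The data layout, all names, and the assumption that members of a nested group inherit the parent group's roles are constructed for illustration.

```python
# Constructed sample data; layout and names are assumptions for illustration.
ROLE_PERMS = {
    "Accounting Clerk": {"Create invoices", "View invoices"},
    "Accounting Approver": {"Approve invoices", "View invoices"},
    "Auditor": {"View reports"},
}
GROUP_ROLES = {"Finance": {"Accounting Clerk"},
               "Finance Leads": {"Accounting Approver"}}
GROUP_PARENTS = {"Finance Leads": {"Finance"}}  # Finance Leads is nested in Finance
USER_GROUPS = {"alice": {"Finance Leads"}, "bob": {"Finance"}}
USER_ROLES = {"alice": {"Auditor"}, "bob": set()}
# Pairs that one user should not hold together (separation of duties).
SOD_CONFLICTS = [("Create invoices", "Approve invoices")]


def expand_groups(user):
    """All groups a user belongs to, following nesting upward; safe on cycles."""
    seen, stack = set(), list(USER_GROUPS.get(user, ()))
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(GROUP_PARENTS.get(group, ()))
    return seen


def explain(user):
    """Map each effective permission to the sorted list of paths granting it."""
    sources = [("direct", role) for role in USER_ROLES.get(user, ())]
    for group in expand_groups(user):
        sources += [(f"group {group}", role) for role in GROUP_ROLES.get(group, ())]
    grants = {}
    for via, role in sources:
        for perm in ROLE_PERMS.get(role, ()):
            grants.setdefault(perm, set()).add(f"{via} -> role {role}")
    return {perm: sorted(paths) for perm, paths in grants.items()}


def excess(user, needed):
    """Permissions held beyond the documented need, with their granting paths."""
    return {p: paths for p, paths in explain(user).items() if p not in needed}


def sod_violations(user):
    """Conflicting permission pairs the user holds through any path."""
    held = explain(user)
    return [pair for pair in SOD_CONFLICTS if all(p in held for p in pair)]


if __name__ == "__main__":
    for perm, paths in sorted(explain("alice").items()):
        print(perm, "<-", "; ".join(paths))
```

In the sample data, alice can both create and approve invoices only because Finance Leads is nested inside Finance, which is the kind of inherited grant a review of her direct roles alone would miss.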

Additional Resources