TECHNICAL STRUCTURETARIFSsupport@erp-platforma.com Sign up Sign in EN
PD view log

Personal data viewing log

In accordance with the legislation, the system implements universal logs for viewing personal data. They can be connected to any module. In them, based on blockchain technologies (which excludes the option of forgery), who and when viewed what personal data are recorded.

Advanced permissions settings

Any element in the company interface has default access rights. It can be reading (or viewing), changing, adding, deleting.
  • Read (sel or select) - allows you to see the element on the screen
  • Change (up or update) - if there is a form for entering changes in this element of the page, it can be used, otherwise the element will be inactive.
  • Adding (ins or insert) - if there is a form for entering new information in this element of the page, allows you to use it, otherwise the element will be inactive.
  • Delete (del or delete) - if there is a delete form in this element of the page, allows it to be used, otherwise the element will be inactive.
By default, all rights are configured for any Role. But if it is necessary to give one or another Role access to an element that is not visible by default, or vice versa, to deny access to a particular element, individual rights can be assigned to each element of the system of any Role.

Rights are assigned to:
  • Page Template is a whole module page. ( If we take an analogy with Excel, this is a Book )
  • Bookmark is the area of ​​the module page ( If we take an analogy with Excel, then this is a tab )
  • Cell - any page of the module can be divided into Bookmarks, and Bookmarks into cells. Elements can be inserted into cells (for example, buttons, output forms, text). Cells can be formed as in Excel. Individual rights can be assigned to these individual cells. ( If we take an analogy with Excel, then these are cells in the tab )
  • Main menu - rights can be given to elements of the main menu, this is the root menu of entire sections.
  • Submenu - rights to menu items. ( For example, you can hide not the module itself, but simply cut off the user's access to this module )
  • Folder - you can separately deny or allow access to a particular folder on the disk
  • Reports - you can separately deny or assign access to a particular report or to a whole group of reports if you specify the root of the group.
  • Procedures - you can allow access to various procedures in the system configurator. For example, by default, a user in reports has access only to a limited range of procedures.
It works as follows. When forming the page, the system reads the default values ​​set in the configuration. Next, reads the individual rights of the Role of the current user. If it has individual settings, then these rights override the default rights.
Further dependencies come into force. The rights of the larger elements override those of the smaller ones. For example, if there are prohibiting rights on the entire page, then no matter what rights to individual cells (for example, allowing) these cells will not be displayed, because the user has no rights to their parent element.

For example : In the picture on the side, the template rights are highlighted in yellow. The rights to it are inherited by all Bookmarks included in it, and by all Cells in these Bookmarks. But if Bookmark 1 is forced to set other rights (highlighted in green), then its cells will already inherit its rights. If one of its cells (cell 3 or 6 in the example) is given its rights, then it will not inherit anything from anyone.

With the help of such a structure, you can build any individual access rights with details to individual page elements. For example, you need to let external part-time workers into your account, or rent a call center, but you don't want them to dig into the internal tasks and projects of your company. Then, for example, call center employees can be given access to your account, but individually configure the rights only to create applications in the application system, and deny access to all other elements completely. No problem - this can be easily implemented in the Role Configurator.

Logs of changes in employee permissions (assignment of access rights)

Consists of two magazines:
  • Access rights assignment log
  • Access rights change log
Permissions assignment log

The system maintains a log of assigning the powers of the Licensee's employee to access personal data in the information system, in accordance with clause 16-A, Resolution of the Government of the Russian Federation of 01.11.2012 N 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems" ... This allows the company to implement an internal organization to protect access to personal data.

The register of access rights assignments works on the basis of BlockChain technology. The subsequent checksum uses the sum of the previous record. If information discrepancies are found with the checksum, or with the previous block, the record will be highlighted in red.
Access rights change log

The system maintains a log of changes in the powers of the Licensee's employee to access personal data in the information system, in accordance with clause 16-A, Decree of the Government of the Russian Federation of 01.11.2012 N 1119 "On approval of requirements for the protection of personal data when processing them in personal data information systems" ... This allows the company to implement an internal organization to protect access to personal data.

This log records change of Role's permissions. Those. all employees with this Role will have their powers changed.

The access rights change log is based on BlockChain technology. The subsequent checksum uses the sum of the previous record. If information discrepancies are found with the checksum, or with the previous block, the record will be highlighted in red.
«ERP-PLATFORM» LLC © 2021