Access
The Access module provides the multi-tenancy for this application. Tenancy is organized into tenants, which contain teams which contain users. As part of this module, application permission checking is also conducted.
Components
Permission System
The permission system within Centurion ERP is custom and built upon Django's core permission types: add, change, delete and view. For a user to be granted access to perform an action, they must be assigned the permission and have that permission assigned to them as part of the tenant they are performing the action in. ALL assigned permissions are limited to the tenant the permission is assigned.
Tip
User A
is in tenant A
and has device view permission. User A
can view devices in Organization A
ONLY. User A
although they have the device view permission, can not view devices in tenant B
. For User A
to view devices in tenant B
they would also require the device view permission be assigned to them within tenant B
.
Unlike filesystem based permssions, Centurion ERP permissions are not inclusive, they are mutually exclusive. That is:
-
To
add
an item you must have its correspondingadd
permission -
To
change
an item you must have its correspondingchange
permission -
To
delete
an item you must have its correspondingdelete
permission -
To
view
an item you must have its correspondingview
permission
The exclusitvity is that each of the permissions listed above, dont include an assumed permission. For instance if you have the add
permission for an item, you will not be able to view it. That would require the view
permission.
Gloabl Organization
If the webmaster has setup Centurion ERP to have a global tenant, as long as the user has the a view
permission for the model in question in any tenant, they will be able to view that item within the global tenant. This is not the same for the other permissions: add
, change
and delete
. To which they must be granted those permissions within the global tenant exclusively.
Tip
User A
is in tenant A
and the webmaster has setup Centurion to use tenant B
as the global tenant. If user A
has been granted permission itam.view_software
in tenant A
they will be able to view software within both tenant A
and B
.
About:
This page forms part of our Project Centurion ERP.
Page Metadata
Version: ToDo: place files short git commit hereDate Created: 2024-06-17
Date Edited: 2025-05-15
Contribution:
Would You like to contribute to our Centurion ERP project? You can assist in the following ways:
- Edit This Page If there is a mistake or a way you can improve it.
- Add a Page to the Manual if you would like to add an item to our manual
- Raise an Issue if there is something about this page you would like to improve, and git is unfamiliar to you.
ToDo: Add the page list of contributors