Omniscope has a built-in permissioning system, which allows the administrator to control who has access to different files, as well as which individual user can edit reports or only view them.


The permissioning system of the application is split into two distinct parts: 


  1. Authentication - how the user is authenticated to access the projects.

  2. Permissions - what the user can do, once they have been successfully authenticated.


In order to configure permissions you need to login to the “Admin”, and click on the “Permissions” items. This will open a the main listing page where you see the files and folders, but now with the ability to set up permissions for each folder. 



If a folder doesn’t have a permission set, Omniscope will try to find the permission for the folder by recursively going up to the parent folders, until it finds the first folder that has the permission set. If there are still no permissions found, then the “Default” permissions are used.


NOTE: This approach allows you to organise your folders in such a way that multiple folders share the same permission.


Default permissions


The default permissions are permissions which take effect when there are no other permissions found for a given folder.


To configure them click on the “Default permissions”.


Folder permissions

These are permissions that take effect when you explicitly set a permission on a folder. 


To set/edit “Folder permissions” click on the “Permissions” button next to the folder name. 


Permission settings 

Anonymous / Public permissions

The option allows you to control what are the permissions for the user who is not authenticated and they visit the link to the folder on through their web browser.


Groups

Allows you to create multiple authenticated group. Each group can have their own permissions and authentication mechanisms.



Group permissions

Define the permissions for each user within the group.


Authentication mechanisms

Authentication mechanisms allow you to define how the user is authenticated;


  • List of users - this type of authorisation allows you to create a list of usernames and passwords.
     

  • LDAP Query - this type of authorisation allows you to authenticate against your company’s LDAP server.

  • Spnego (Single sign on) - this type of authorisation allows you to authenticate against your company’s Spnego mechanism.