Omniscope has a built-in permissioning system, which allows the administrator to control who has access to different files, as well as which individual user can edit reports or only view them.


The permissioning system of the application is split into two distinct parts: 


  1. Authentication - how the user is authenticated to access the projects.

  2. Permissions - what the user can do, once they have been successfully authenticated.


Omniscope also has project write-protection similar to write-protect on memory disk. For more information see here.



In order to configure permissions you need to login to the “Admin” section, accessible from the projects page with folders list, and click on the “Permissions” items.  



If a folder doesn’t have a permission set, Omniscope will try to find the permission for the folder by recursively going up to the parent folders, until it finds the first folder that has the permissions set. If there are still no permissions found, then the “Default” permissions are used.


NOTE: This approach allows you to organise your folders in such a way that multiple folders share/ inherit the same permission.



Default permissions


The default permissions will take effect when there are no other permissions found for a given folder.


To configure them click on the “Default permissions”.


Folder permissions

These are permissions that take effect when you explicitly set a permission on a folder. 


To set/edit “Folder permissions” click on the “Permissions” button next to the folder name. 


Permission settings 

Anonymous / Public permissions

The option allows you to control what are the permissions for the user who is not authenticated and they visit the link to the folder through their web browser.


Groups

This option is managing multiple authenticated user groups. Each group can have their own permissions and authentication mechanisms e.g. client A, or Department C.


Group permissions

Define the permissions for each user within the group.


Authentication mechanisms


Authentication mechanisms allow you to specify the authentication method:


  • List of users - this method is relying on a list of usernames and passwords.
     

  • LDAP Query - this type allows you to authenticate against your company’s LDAP server.

  • Spnego (Single sign on) - authenticate against your company’s Spnego mechanism.