Access controls allow you to assign roles and permissions to users and groups. They also allow you to explicitly allow or deny specific permissions to a user group. By default, Continua comes configured with many access controls preconfigured which should cover the majority of the permission sets needed.
It is recommended that most permissions should be assigned to users through roles as this means you only need to change the permissions once to affect multiple users. The explicit allow and deny permissions should only be used in specific scenarios as needed.
Note: The permissions set here are at the global level. Projects and Configurations each have their own set of permissions that will override anything specified here. Configuration level permissions override Project level permission and Project level permissions override Global level permissions. If you explicitly deny the Edit Configuration permission to a user here in the global section, it can be overridden by going to that Configuration or that Configurations' Project and explicitly allow the Edit Configuration permission.
The Access Control page can be found in the administration menu under Security. The access control page lists all the access entries in Continua and allows you to create, edit and delete them.
(Setting roles to an access control)
(setting explicit allow and deny permissions on an access control)
The "New Entry" dialog is split into two sections, Roles and Permissions. Click the "Show options to explicitly allow or deny permissions" link to show the permissions section. You can select Roles and Permissions at the same time or even select one or the other.
Each access control entry links roles and permissions to a specific user or group which can be selected in the dropdown menu at the top of the dialog. Multiple roles can be linked to a user or group in the same access control entry.
For more information on configuring explicit permissions, view the fine grain control section.
Deleting an access control entry does not delete it's associated roles or users and groups, it simply unlinks the roles from the users and groups. However, any explicit permissions that have been set on the access control will be deleted.