UCAR stands for “User Control Access Right”.
You may use this feature to control the access right of each UCAR group to the different application (objects) within the system.
UCAR allows an administrator and other authorized user(s) to control access to all application modules (and their features, folders and files) by assigning access privilege with both the Access Privilege Integer Number (APIN) and User Group Access Privilege (UGAP) Rules.
1. Access Privilege Integer Number (APIN) Rule
APIN controls access by assigning a Unique Access Level (UAL) to an application module and its features, folders and files (Objects) designated by an Integer Number starting from '1' (with no up bound limit). Similarly, each user is assigned with an APIN, also starting from '1' (with no up bound limit).
The APIN Rule dictates that a user's APIN must be smaller than the UAL Integer Number assigned to an object before access to the said object is granted. For example, a folder or a file in the Storage Center assigned with UAL Integer Number '9' is accessible only to any user with a smaller APIN such as 8, 7, 6,… so on and so forth. In other words, an APIN's access privilege declines as its integer number value increases.
2. User Group Access Privilege (UGAP) Rule
An exception to the APIN Rule is that any user belonging to an Access Group can access all objects that are accessible to his or her Access Group (regardless of his or her individual APIN.) In other words, the UGAP Rule makes higher privilege level objects accessible to lower access privilege individual users as members of a Access Group. The members access objects on group privilege (that override the APIN Rule applicable only to an individual). However, the UGAP Rule does not deny or strip away any of it members of access privilege higher than that accorded to the UGAP.
The easiest way to get started with UCAR is to allocate users into Access Group according to their respective access privilege, using the Admin Page. UCAR's default settings contain six Access Groups, which include ADMIN and USER. More Access Groups can be created as and when required by the Administrator using the UCAR link.
To define the access privilege of Access Group, simply check the relevant Access Group(s) in the Objects Row to allow the checked Access Group(s) to view and access the relevant objects.
The administrator can further refine assignment of user access privilege by using the APIN Rule as explained above. This will in effect creates individual users with different levels of access privilege.
All Users' APIN are, at default setting 10, as displayed in the Admin Page with the exception of default 1 for the Administrator. This means the Administrator has access to and view of all objects while other users are denied from accessing and viewing any objects.
To assign or change the APIN of a particular user, enter the Admin Page to edit/create the particular user. Simply enter the relevant access level in the Access Level box and click update.
The Administrator with APIN 1 can view and access all objects. He or she then can create individual users with APIN 2, 3, … so on and so forth, and at the same time filtering access to objects by changing the objects' UAL Integer Number.
A colleague John (APIN 8) can be denied access to Storage Center by simply changing the Storage Center's UAL Number Integer to 8 and below and exclude John from all Access Groups that have access to the Storage Center. Similarly, the CEO may be granted access to all objects and Access Group activities by an APIN 2 and setting all objects to UAL Integer Number 3 and above.