The Hierarchy of Access
In a sophisticated permission system, a user might receive access from multiple sources simultaneously. For example, a user might have a Permission Profile that grants them basic access, but an admin might also give them a Manual permission to increase their privileges. The system includes logic to detect and visualize these overlaps.
The system checks access in a specific order: Founders > Manual Grants > Profiles > Auto Rules. When viewing the active list, you may see colored status badges indicating how these sources interact.
Coincident Access (The Green Badge)
You may see a green ALIGNED or "Coincident Auth" badge next to a user.
- Definition: This means you have manually granted a permission that is identical to what the user already receives from their Profile or an Auto Rule.
- Implication: The manual record is redundant. You can safely revoke the manual permission without affecting the user's access, as the underlying Profile will continue to provide the exact same rights.
Override Access (The Yellow Warning)
You may see a yellow warning box labeled Manual Override.
- Definition: This occurs when a user has a Profile/Auto Rule, but you have manually assigned them a different level of access.
- Example: A "Store Manager" profile normally grants "Full Access," but you manually restricted a specific manager to "Read Only."
- Visualization: The system displays both values side-by-side:
- Current: The manual value you enforced.
- Template: The value they would have had from their profile.
Conflict Resolution: In the case of an override, the Manual setting always wins. This ensures you can handle exceptions (like restricting a specific employee) without breaking the standard profile for everyone else.
