Users, groups and permissions

Setting up your Recruity environment starts with setting up users, groups and permissions. This page will give you an example of what we think is the perfect Recruity setup for companies that want to take full advantage of all Recruity features.

The administrator account
It's important that you use this account only for administrative purposes. We strongly advise you not to use this account as a regular user for safety and usability reasons. Basically use the administrator account only for:
  1. Adding and editing user accounts
  2. Adding and editing user groups
  3. Installing/removing modules
  4. Creating items that are commonly used for more users such as a global addressbook, shared calendars or a corporate HTML template for outgoing e-mail messages.It's very important that you do this as an administrator so you will avoid the following scenario: User 1 creates an addressbook and projects. This user shares these items with everybody. Everybody uses those items. Now User 1 no longer works at your company. Time to remove the user account. Oops! The projects and his addressbook are gone too!
Create user groups
First create user groups for your company. Permissions are much easier to handle with groups then with individual users. When you grant the secretary access to all calendars as a user it will be a painful job to reset all permissions to another user when a new secretary joins the company. If you had done it with a group you could simply add the new employee to the secretary user group. So choose your groups wise with user permissions in mind. For example create:
  1. A secretary group called "Secretary"
  2. A group for the consultants called "Consultants"
A few special groups are created by default:
  1. Admins, users of this group will have permission to everything. Usually you don't want to add any user to this group. See above.
  2. Everyone, all users are in this group. Use carefully when granting permissions to this group.
  3. Internal, this group is created by default and new users are commonly added to this group by default. It should contain all company users and not your customers.
Create users
Now that we've got the groups set up it's time to add the users. You can do this at:
  • Start menu -> Users -> Add
Fill in the profile fields. Mandatory are First name, Last name, Username, Password and e-mail. Make sure you setup the right regional settings for the users. The timezone is particularly important because events will shift if you change this setting later on.

Permissions
Also pay attention to the "Permissions" tab. Remember that the default permissions can be set by the system administrator in the main configuration file (config.php).

Module permissions
You can also give user groups access to particular modules. This way you can manage module access easier. You'll just have to add the new user to the right group. When a user has access to a module by a user group, the access checkbox will be greyed out. In most cases you should give users only "Usage" access to modules. The difference between Usage and Manage permissions on module are described in the table below:

ModuleExtra privileges with manage permissions
AddressbookCreate addressbooks, change ownership of addressbooks
CalendarCreate calendars, change ownership of addressbooks, edit all events
FilesystemNo difference
SummaryManage announcements on the right side of the screen
E-mailEdit and add account settings
Job vacanciesAdding and tracking job vacancies
NotesNo difference
BillingCreate books

User groups and visible user groups
The second column controls the user groups the user is a member of. The last column controls which users groups are allowed to see this user. If you uncheck all users will never be able to share stuff with this user.

Manage permissions
Many items in Recruity are protected with permissions. For example addressbooks, tasklists, calendars, Note categories, Billing books and project types have access control. When you setup permissions you can add user groups and users to the access control list. There are four different levels of permission:
  1. Read only
  2. Read and write
  3. Read write and delete
  4. Manage
With manage permission you are also allowed to control access and change the ownership of the item.

When you add a new user or group it has read permission by default. You can change the level by clicking it in the grid. See the screenshot below.

permissions