h1. Role-based access

The *Smartswitch* system allows system users to have role-based access to the web interface.
This means that the system administrator can define *roles* that determine the visibility of system elements.
The structure of roles is described in the [[Roles]] section.

!clipboard-202202221406-yvlkl.png!

Each _role_ is a set of settings that define:
* visibility of certain web interface elements
* availability of operations in the database (selection, insertion, deletion)

Thus, you can create your own _roles_ and define in them the part of the system interface available to _users_.
When adding web access for _users_, you will need to specify a _role_ for each of them.
When the created _user_ enters the system, he will see only what you have defined for him.
This serves as the basic concept for creating [[Virtual PBX|Virtual PBX]] and [[Dealer|Dealer Access]] to the system.

_ACL_ (Access Control List) are used to define scopes in _roles_.
_ACL_ has 3 types:
* +Account ACL+. Defines the visibility zone of the cabinet web interface elements. For example, visible menus on the main page.
* +Database ACL+. Specifies the available operations on database tables.
* +Call handler ACL+. Defines the available elements in [[Call Handler|Call Handler]]

The _Account ACL_ takes precedence over the _Database ACL_. Having blocked an element in the _Cabinet ACL_, it ceases to be visible in the web interface menu and you will not be able to enter it at all.
However, by disabling access to an item in a _Database ACL_ that is open in a _Desktop ACL_, it remains visible in the menu, but the system displays an error when attempting to access or modify (depending on access settings).

The default values ​​for the _Database ACL_ are found in the _Database_ tab in the _role_.
The default values ​​for _Account ACL_ are found in the _Account_ tab in _roles_.
In the _Account ACL/Database ACL_ menu, you can override access options for each table/menu item.

Thus, you can configure roles in 2 ways:
# block everything by default and unblock one table/menu item via menu _Account ACL/Database ACL_
# unblock all by default and block one table/menu item via menu _Account ACL/database ACL_

The choice of the appropriate method depends on whether you want to open or hide most of it.

Each object (each row) in the database has an associated *responsible user* ID.
When a new object (new row) is created, this identifier is set to the identifier of the user who creates this object.

See the [[Roles]] section for the meaning of each option.

[[Ролевой доступ|Русский перевод]]