h1. Roles Principles are described in section [[Role-based access]]. {{>toc}} h2. List !roles.gif! h2. Edit Here default access rights are defined for various menu items. You can re-define these default rules for each particular menu item in the corresponding ACL (Access Control List). h3. General !roles2.gif! h3. Account In this tab, the default access rights to web account items are specified. !roles3.gif! *access* - allow access to display list or main menu of the web-interface element. A value of *super* means, that the user has the possibility to see the *responsible user* of each object. *add* - allow adding new object. A value of *super* means, that the user is enabled to set the *responsible user* when adding a new object. By default, a *responsible user* of an object is the user which has added this object. *edit* - allow editing of the object. A value of *super* means, that the user is enabled to set the *responsible user* when editing each object. *delete* - allow deletion of objects h3. Database In this tab, one can configure default access rights to tables from the database. !roles4.gif! *select* - allow selection from table *update* - allow table updates *insert* - allow insertion of new rows to table *delete* - allow deletion of rows from table h3. Call handler In this tab, one can configure default access rights to applications of [[Call handler]]. !roles5.gif! *access* - grant access to the application from the call handler. *access to function CDR* - allow access to function CDR, which could be used to modify billing parameters of a call and therefore could be unsafe, especially for [[Virtual PBX]] feature. h3. Menu !roles6.gif! *Account ACL* - here you can redefine access parameters for each item in the web interface, in case it differs from default parameters, which are configured in tab +Account+. *Database ACL* - here you can redefine access parameters for each table, in case they differ from default parameters, which are set in tab +Database+. [[Роли|Русский перевод]]