In the navigation tree, select Other/tools > Roles. Start with creating a new role or editing existing one.
For example, when SDL BaccS was launched for the first time, few default roles were created: Administrator, Default, Vendor, Customer. As it is clear from its name, administrators has full access to all data. From the other hand, users with Default role do not have access to any data at all. Try to login with the User user name and you will see that navigation tree is almost empty - access rights are fully limited.
Editing view for the Default role:
Both checkboxes are clear and in the Permission policy field Deny all by default value is selected. This means that users with this role would not get access to any data unless you explicitly allow it in the Navigation permissions and Type permissions tabs. You can change Permission policy value to Read only all by default and Allow all by default. In the first case, a user will get access to all data without ability to edit it. In the second case, he/she will get access to all operations. Depending on the selected value here you specify a way of working with Navigation permissions and Type permissions tabs. If default policy denies access by default, than in these tabs you will specifying objects to allow access. And vice versa, if default policy allows access, than in these tabs you will specify object to restrict access to.
The Navigation Permissions allow you to grant or deny permissions for a single navigation item or for the whole navigation group as shown on the image below:
Allowing access to Reference data group will open access to all items in this group with read only rights. By default, permission policy dines all access. After giving access to the Reference data group we expand this policy by giving additional rights. Since we use policy of restriction, given rights allow only to view data, but not edit it.
Item permissions have a greater priority than group permissions. For instance, you can deny access to the group, but grant access for one of its items, so this item will be enabled in the Navigation Panel.
The Type Permissions tab specifies access to all objects of a particular type. The image below illustrates this (in addition to previously granted access to the Reference data group, we open write rights for the Units table):
From now, user with Default role assigned will be able to edit Units table, but would not be able to delete any records from it.
If you wish to quickly fill this table with all object types available in BaccS, instead of manually adding rows one by one, click Pre-fill list of object types button on the ribbon:
Double click on the new type permission to open its editing form:
In this window, you can adjust access rights in detail. In addition to Read, Write, Create and Delete rights you get access to two additional tables: Member permissions and Object permissions.