SUB-ARTICLE under Access management in Sapera. Describes the permissions in the
"Application Permissions" category. Status: DRAFT pending approval.
This article covers the permission that controls which apps and integrations a user may access — that is, which registered clients (e.g. linked apps or integrations) the user can log in to and use.
You assign these permissions in Financial under Security → Groups → select a group → Permissions (set Allow/Deny per permission).
Determines whether the user may access a given app or integration. The permission is set per registered client — that is, per app/integration linked to the installation.
If the permission is denied, that app/integration is omitted from the user's list of available clients, and the user is not issued an access token for it. In practice the user therefore cannot log in to or use that app.
If it is allowed, the app appears among the user's available apps.
Use the permission to control which employees may use which apps and integrations — for example so that only selected roles get access to a particular integration.
Per app/integration. You allow or deny access for each registered client individually.
Blocking happens when access is issued (token), so a denied user is effectively kept out of the app.
Allow vs. Deny: An explicit Deny wins over an inherited Allow.
Want to know more?
Read more in these related articles:
Access management in Sapera (overview)
What permissions are, where to find them, how they are scoped, and links to one sub-article per area.
Organizational units (permissions)
The permissions that control access to and administration of organizational units, and which units' data an employee can see.
Login security (permissions)
The permission that controls access to login security and IP blocking.
