SUB-ARTICLE under Access management in Sapera. Describes the permissions for login security
and IP blocking (the "Block IP" category). Status: DRAFT pending approval.
This article covers the permission that controls access to login security and IP blocking — that is, the ability to view and edit which IP addresses may or may not log in, and to view login monitoring.
You assign these permissions in Financial under Security → Groups → select a group → Permissions (set Allow/Deny per permission). The screen itself is found in Financial under Security → Login security.
Grants access to login security and IP blocking. With the permission the user can:
view and edit lists of allowed and blocked IP addresses,
change login security settings, and
view login monitoring (an overview of login activity).
If the permission is denied, access to the function is refused with "access denied" — even if the menu item happens to be visible (see below).
This is a global permission: it applies across the entire installation, not per organizational unit. Be careful, therefore, about who receives it.
In addition to the action itself, there is a separate permission that only controls whether the menu item is shown:
Controls whether the Login security (Blocked IPs) menu item is shown in the Security menu.
This is purely a menu-visibility permission — it shows or hides the entry to the screen.
It is not the same as Manage Block IP (above): Block IP management controls whether the item can be seen, while Manage Block IP controls whether the action behind it may actually be performed. A user can therefore see the menu item without being able to use the function — and vice versa.
For an employee to actually work with login security, they typically need both: Block IP management (to see the item) and Manage Block IP (to perform the action).
Manage Block IP is global and controls the action itself; Block IP management controls only the menu visibility.
The admin user has the login security permissions by default.
Allow vs. Deny: An explicit Deny wins over an inherited Allow.
Want to know more?
Read more in these related articles:
Access management in Sapera (overview)
What permissions are, where to find them, how they are scoped, and links to one sub-article per area.
Security — menu visibility (permissions)
The permissions that control which Security menu items are shown — Users, Groups and Login security.
Users and passwords (permissions)
The permissions that control administration of employee logins — create, edit, disable, delete, passwords and 2-factor.
