SUB-ARTICLE under Access management in Sapera. Describes the permissions in the
"Security navigation" category. Status: DRAFT pending approval.
This short article covers the permissions that only control which menu items under Security are shown — Users, Groups and Login security. They show or hide the entry to the screen; the action behind each item is protected by its own permission.
You assign these permissions in Financial under Security → Groups → select a group → Permissions (set Allow/Deny per permission). These permissions control visibility only of the menu item — not whether the action may be performed.
Access users — controls whether the Users menu item is shown in the Security menu. If denied, the Users area is hidden in the navigation.
Access groups — controls whether the Groups menu item is shown in the Security menu. If denied, the Groups area is hidden in the navigation.
Block IP management — controls whether the Login security (Blocked IPs) menu item is shown in the Security menu. If denied, the item is hidden.
Visibility ≠ access. Showing a menu item does not in itself grant the right to the actions behind it — the action itself is protected by its own permission (e.g. Manage Block IP for login security). For an employee to actually work with an area, they typically need both the menu visibility and the corresponding action permission.
Allow vs. Deny: An explicit Deny wins over an inherited Allow.
Want to know more?
Read more in these related articles:
Access management in Sapera (overview)
What permissions are, where to find them, how they are scoped, and links to one sub-article per area.
Users and passwords (permissions)
The permissions that control administration of employee logins — create, edit, disable, delete, passwords and 2-factor.
Login security (permissions)
The permission that controls access to login security and IP blocking.
