In LMS you may define up to 256 rules to access the system. Each can permit or deny access to defined modules. Each user can have any combination of access rules assigned to his account.
By default following access rules list is defined:
read only (excluding Helpdesk)
messaging (email, sms)
Helpdesk (RT) administration
Helpdesk (RT) operation
networks and devices management
daemon management and configuration
customers groups management
nodes groups management
customers to groups assignment
nodes to groups assignment
voip accounts management
users edition and addition forbidden
If you don't define any access rule for user, then LMS defines 0 rule for him, which mean: full access.
Algorithm that decides whether user has access to given module or not is as following:
|- First of all: checking list of modules that user always has access.|
|- Next: checking if module match rules in each levels user has access to.|
|- Finally: Decision if user is permitted to access modules. If module match to any level that denies access then access will be forbidden even if user has level that permits access to module. For example, if someone has full access and no access to "add computer" module, then he won't able to access module. If module matches level that permits access to module, then LMS will grant access to module, but if module does not match at any level then no-access-message also will be printed.|
Advanced users can define any additional access rules or redefine existing ones. In order to do that you must make PHP script based on file lib/accesstable.php. Then set option custom_accesstable in [phpui] section to created file name.
In that way it's possible to define your own rules to allow or deny access for any modules. Module is a name of PHP file in modules directory, given without extension in access rules. For example, it's possible to define rule for invoices display (e.g. for lms-sendinvoices script) in the following way:
<?php $access['table']['name'] = 'invoices display'; $access['table']['allow_reg'] = '^invoice$'; ?>