ObjectLand provides a possibility to set different combinations of permissions of the user to different GDB components and operations. Nevertheless, not all combinations are possible. Some of them are absolutely meaningless (for example, there is no sense in permission to data about selected feature if there is no permission to select features), others are useless (there is no sense to revoke access to cataloged themes for the user if he has access to maps), still others can lead to undesirable consequences (if user permissions to access to GDB are limited, but he can add a new user with unlimited rights, then…).
In the cases when an attempt is made to set inadmissible combination of permissions the system displays a message “Permissions on high level do not admit this change”. We can enumerate here what is meant by a higher level of permissions:
Permissions set to access to GDB as a whole have higher level than permissions to components. For example, disabling changing GDB structure does not permit changing map structure.
Permissions to maps are of a higher level than those to themes. By analogy permissions to tables are higher than to queries.
General permissions to all components of the present type (maps, themes, tables, queries) are higher than permissions to particular maps, themes, tables, queries. For example, if calculations in tables are disabled for the user, it is impossible to enable performing calculations in one particular table for him. The reverse situation is possible: when one has a general permission for calculations in tables, calculations in some particular table can be disabled.
Among permissions to one and the same GDB component some permissions can have a higher level than others. Thus, for example, permission to change data of a map or a table are higher than permission to change structure, that is why disabling changing of data causes disabling of changing structure. There are many more concrete examples of differences between levels of permissions which will be described in appropriate places.
Permissions of the current user (the one who grants permissions) are higher than the ones of selected user (the one for whom they are granted). It means that neither of the users can grant nor revoke permissions for another user which the “granting” user himself does not have.
Changing permissions of a higher level causes automatic changing (revoking or granting) permissions of a lower level which contradict the new value of permission of the upper level. However, the system does not forget the values of the lower level which were present before the change took place. If the previous value of permission of a higher level is restored in future, changed values of permissions of the lower level will be restored automatically.
 |  |
