Security and Permissions¶
Use this page when the main question is not "where is the screen?" but "which permission model controls this behavior?"
Emakin security is spread across several related surfaces:
- groups and feature permissions decide which capabilities a user can access
- scopes allow or block broad operations such as API usage, work-item search, or job management
- security profiles and ACLs control access to folders, processes, documents, and other secured objects
- API keys expose selected capabilities to integrations
- process permissions combine folder rules and process-level rules
Choose the Right Page¶
- Use Edit Groups when you need to assign feature permissions to reusable user sets.
- Use Scopes when you need the reference for capability names such as
audit_search,groups_write, orworkitem_search. - Use Edit Domain when you need to manage domain API keys, security profiles, password policy, or IP restriction.
- Use Process Access Control List when you need to grant or deny process access more precisely.
- Use Relationship Between Folders and Process Design Permissions when folder permissions and process permissions interact in a non-obvious way.
How the Models Fit Together¶
1. Group and Scope Layer¶
Groups define who belongs together. Feature permissions and scopes attached to those groups decide whether users can see or use broad Emakin capabilities at all.
2. Domain Security Layer¶
Domain administration defines security profiles, API keys, login behavior, and domain-wide restrictions such as IP rules. This layer sets the available security building blocks for the domain.
3. Object-Level Access Layer¶
Folders, processes, documents, and similar secured objects then apply ACL or security-profile rules to decide who can read, execute, write, or fully administer a specific object.
Typical Questions¶
- "Why can this user open the page but not perform the action?" Check Scopes and Edit Groups.
- "Why can this user access one process but not another?" Check Process Access Control List.
- "Why does folder permission not match process behavior?" Check Relationship Between Folders and Process Design Permissions.
- "Which permissions should an integration receive?" Check Edit Domain for API keys and Scopes for scope names.