# Built-in Security Policies

This article explains the concepts of permissions.

If you are looking for built-in positions, refer to the [positions](https://docs.cw.crisisworks.com/system-administration/configuring-the-system/positions) list for your system, or to the security policies for the specific [module](https://docs.cw.crisisworks.com/modules) that you are using.

### Naming conventions <a href="#built-insecuritypolicies-namingconventions" id="built-insecuritypolicies-namingconventions"></a>

The following naming conventions are in use:

* "Coordination" — means full access to data with assignment and moving
* "Officer" — means full access to data without assignment and moving
* "Basic" — means limited access only to assigned events and/or records
* "ReadOnly" — means the user cannot write or create
* "New" — adds the ability to add a new record
* "Special" — means a custom rule that does not fit any convention

Additionally, the following register group names are used:

* "recovery" means all the registers in the recovery module
* "operations" means request, message, offer, log, contact
* "reference" means "wiki"

### Register Permissions Glossary <a href="#built-insecuritypolicies-registerpermissionsglossary" id="built-insecuritypolicies-registerpermissionsglossary"></a>

When viewing configured register security permissions, the following access options are available.

| Permission                                                | Description                                                                        |
| --------------------------------------------------------- | ---------------------------------------------------------------------------------- |
| Can access the register                                   | The user can see the register in navigation                                        |
| Can access a set of items                                 | The user can view lists of items in data grids and lists                           |
| Can indirectly update an item                             | Can edit items that are embedded in sub-forms                                      |
| Can directly see the register in the user interface       | Controls whether this register is included in user interfaces such as navigation   |
| Can directly view an item                                 | Can view a full item record in the UI and via the API                              |
| Can directly create an item                               | This controls the "New" button on the UI, and allows top-level items to be created |
| Can directly edit an item                                 | Controls the "Edit" button on the UI, and disallows top-level edits to items       |
| Can assign an item                                        | Can assign items to users, positions and resources                                 |
| Can add a comment to an item                              | Can add a note to the history of a record using the yellow comment box             |
| Can move an item between events                           | Can move items between events including global workspace events                    |
| Can see the unassigned counter                            | Can see the counter for non-assigned, active records                               |
| Can create an item without Register Workflow Restrictions | Can bypass workflow states to set any status code at any time                      |

{% if visitor.claims.positions.admin === true %}

#### System-wide security policies

The following security policies are used to maintain information security and privacy:

{% hint style="danger" %}
Do not use any of these unless directed by Datalink to do so.
{% endhint %}

| Security Policy Group | Security Policy                                                      | Use                                                                                                                                                    |
| --------------------- | -------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Base Policy           |                                                                      |                                                                                                                                                        |
|                       | Base User Policy                                                     | Can edit own profile and access to contacts and logs. Required by all users allowing them general access.                                              |
|                       | Can fake location                                                    | Provides access for users to fake their location                                                                                                       |
| System Policies       |                                                                      |                                                                                                                                                        |
|                       | API Access                                                           | Not available without authorisation (Refer to [API Reference](https://docs.cw.crisisworks.com/security-and-support/technical-reference/api-reference)) |
|                       | Developer                                                            | Not available without authorisation                                                                                                                    |
|                       | Disable Last Known User Location Tracking                            | Users with this permission will have their last known position tracked. Users without this will not have their last location tracked.                  |
|                       | Finance Access                                                       | Can access the finance module                                                                                                                          |
|                       | Manage Assets and Resources                                          | Can edit and view assets, resources and asset contacts                                                                                                 |
|                       | Manage saved searches, counters and dashboards                       | Can manage saved searches, counters and dashboards                                                                                                     |
|                       | Manage system settings                                               | Can manage system settings such as maps, lookup and templates                                                                                          |
|                       | Public User Policy                                                   | A group of system level policies. Not register specific.                                                                                               |
|                       | Site Authorised Contact                                              | Receives emails for expired users and other system emails                                                                                              |
|                       | Super-user                                                           | Access to all events and all features                                                                                                                  |
|                       | Update core user information (email, name, organisation) via the api | Provides access to User accounts via the API.                                                                                                          |

{% endif %}
