Our products utilize a simple yet effective three-tier permissions system (i.e. Standard User, Division Administrator & System Administrator) to identify what each user accessing a database can do.
![Projects](/sites/default/files/styles/large/public/2019-03/Collaborate%20-%20multi%20project_0.png?itok=5a4C3aBr)
By default all new projects are unlocked, meaning any user can access and edit data in a project.
Once a project has access permissions applied, the project is locked and only named users and administrators can access and edit data.
Read-only access can be applied to users that are not named if required.
![Templates](/sites/default/files/styles/large/public/2019-03/Files_1.png?itok=nFByvAyM)
Templates are protected in collections throughout the system to control which users can make changes:
- Global Collections - database wide collections that can only be edited by System Administrators, but copied by Division Administrators & Standard Users.
- Master Collections - division wide collections that can only be edited by Division & System Administrators, but copied by Standard Users.
- Project Collections - project specific collections that can be edited by anyone with access to the project.
![Divisions](/sites/default/files/styles/large/public/2019-03/Divisions_1.png?itok=6F54nFQF)
Division & System Administrators can access and change anything related to a division setup, including:
- Table & Column properties
- Lookup values
- Project permissions
![Change Database](/sites/default/files/styles/large/public/2019-03/Database2.png?itok=mho-gsSt)
System Administrators have the additional ability to define the database design.
![Extra security](/sites/default/files/styles/large/public/2019-03/Database.png?itok=NakNrVKr)
If additional security is required, this can be implemented through Microsoft SQL Server roles. This allows security to be fine tuned and further tightened, including column and row level security.