Wyn Enterprise introduces Strict Permission Management to enable administrators to control the scope of permissions that Organization Administrators can set for their respective organizations, roles, and sub-organizations. You can control the scope of permissions for a particular sub-organization using the Enable Strict Permission Management switch in the Wyn.conf file. The Wyn.conf file is generally located at C:\Program Files\Wyn Enterprise\Monitor\conf.

By default, the Enable Strict Permission Switch is,

• Disabled for the users upgrading Wyn Enterprise from the older versions.

• Enabled for new installations.

To enable strict permission management,

1. Edit the Wyn.conf file in editor mode and add the following to enable strict permission management.

   <EnableStrictPermissionManagement>true</EnableStrictPermissionManagement> 

2. Save the file and restart Wyn.

3. Once the Enable Strict Permission Management switch is enabled, the Permissions tab for Organizations will now be used to configure the organization permission scope which was earlier used to configure permissions of the Everyone role. By default, the full scope of permissions is enabled for all organizations.
   

4. Now, the permissions for the Everyone role will be configured from the Roles page only and not from the Organization Management tab.

   
   

5. When an administrator modifies the permission scope of an organization, they are prompted that this action will remove certain permissions from the sub-organizations. Suppose the new permission scope removes the permissions that were previously assigned within the sub-organization. In that case, those permissions will also be deleted for all sub-organizations and roles under that organization.

6. When an administrator moves an organization on the Organization Management tab and the permission scope of the organization being moved exceeds that of its parent organization at the target location, they will be prompted with the following message:

   The permissions of the child organization cannot be larger than those of the parent organization, so please modify the organization's permissions before proceeding with the operation.

7. Note the following:

   1. It allows you to set specific permission limits for each organization.

   2. For Global Organization, all permissions in permission scope are enabled by default and cannot be edited.

   3. Organization administrators can configure the scope of permissions for each sub-organization. However, the permission scope of the sub-organization cannot vary from the parent organization's permissions.

   4. Each role within an organization cannot exceed the permission range of the current organization.

   5. When you apply new permissions to an organization's scope, the permissions are not automatically applied to the existing roles in that organization. The organization administrator needs to manually assign new permissions to the roles.

   6. When you remove permission from the organization's scope, it is also removed from all roles within the organization. Additionally, all sub-organization permissions will also be removed maintaining a cascading effect.

   7. When you add a new sub-organization, it will inherit the permission scope of the parent organization.

   8. When you add a new role to an organization, all permissions are disabled by default.

Note: When the Enable Strict Permission Management switch is changed from True to False, the permission scope of the authority will be deleted for all organizations.