PermitSoft - Technology That Works

Technology

PermitCity is a web-based permitting application which is delivered as either a network-aware appliance device or as a hosted ASP (application service provider) solution.

PermitCity is built as an object hierarchy and interface in the industry standard language PHP. All SQL calls are pure SQL92 compliant, ensuring immediate portability to any RDBMS software.

Server:

PermitCity software is written in the operating system agnostic language/web server combination of PHP/Apache. As a result, we can host on Windows, Mac OSX, Solaris or Linux.

Database:

Our software is database agnostic (purely SQL92 compliant) such as SQL Server, Oracle, or Sybase. We have had phenomenal performance and uptime using the Postgresql database to support our ASP customers with unlimited user.
Security
Access to PermitCity is defined by roles. These roles are coupled with workflow processes as well as various ‘permissions’, all of which are configurable through built-in administrative tools. A user must be assigned the appropriate role in order to carry out tasks within PermitCity.

Absent the proper roles and permissions, the user is simply not presented icons, links or buttons that would allow access to forbidden sections of the application. Without access to the functionality, the user will not be able to modify records.

Additionally, PermitSoft keeps an audit trail of access to the records using a combination of user identification on the record level, as well as web server logs which can determine who was accessing which pages.

Application Access Control: All users are required to log in to the application. User sessions last for a term of eight hours by default, though this can be adjusted by a user with administrative rights. HTTPS protocol running atop SSL encryption is available for all sessions.

Application Permissions: Separation of privileges is maintained through grouping users into roles. For maximum flexibility, PermitSoft allows both the granting of capabilities and restriction from capabilities to roles. Users can belong to multiple roles and roles can contain multiple users.

Audit Trail: PermitSoft has focused on providing an audit trail for any action taken by a user within the system. This audit trail is provided to users by granting an appropriate role the capability of viewing selected audit trails in the reporting interface. As an example, some customers review a report on a daily basis covering all exceptions or adjustments made to estimates, applications, and/or permits. As will be covered under ‘reports’, these reports are available for arbitrary date ranges.

This audit trail covers the ‘who?’, ‘what?’, ‘when?’, ‘why?’, and possibly the ‘how much?’ (If appropriate) questions that often prompt audit trail reviews. This audit trail also links directly to the affected items for easy access.

PermitCity is built from the ground up as a web-based application. As such, user-based authentication and role-based privileges are the basis for its security model.

Permissions and privileges are built into the object interface to verify authorization at every level. By default, all modification and access rights are disallowed.

All permissions are strictly enforced by lower level objects for both the web interface and the SOAP or .NET API.