Difference between revisions of "Security/Data restrictions"

Understanding permissions

Data access is retricted in two ways

• Mandatory permissions granting access to
  • Certain groups of fields (blocks)
  • Records in certain status

• Optional filters binding certain data to certain users
  • Owner user
  • List of users
  • Per group

Differentiated access [mandatory]

Permissions to solutions are granted as a sum of multiple permissions.

Each permission contains

• Group
• 0-1 Status (records have status)
• 0-1 Blocks (fields belong to blocks)
• Read permission
• Write permission

Differentiated FIELD level access

Fields belong to blocks.

Differentiated STATE level access

Permissions may be bound to a certain status.

Data/record filters [optional]

All ownership options can be overrided by belonging to a certain group, that ignores all types of filters (3 below).

Access to configuration: Designer > [solution] > Security - Filters

Ownership by data exclusive group

Designer attribute: Use Exclusive groups for access control

The solution contains a Exclusive group that defines a group with access to this piece of data.

• Scope: Group
• Cardinality: One

Ownership by data member lists

Designer attribute: Use Lists of members for each item

The solution contains a memberlist field where users can have their access added or removed. Behind the scenes a table with a relation between the record and the user is maintained.

• Scope: User
• Cardinality: Many

Ownership by being the creator

Designer attribute: Use Creator only restriction (ignore group recommended)

You must have created this record in order to see access it.

• Scope: User
• Cardinality: One