Security/Data restrictions

From TempusServa wiki
Revision as of 10:39, 9 March 2013 by old>Admin (→‎Understanding permissions)
Jump to navigation Jump to search

Understanding permissions

Data access is retricted in two ways

  • Mandatory permissions granting access to
    • Certain groups of fields (blocks)
    • Records in certain status
  • Optional filters binding certain data to certain users
    • Owner user
    • List of users
    • Per group

Differentiated access [mandatory]

Permissions to solutions are granted as a sum of multiple permissions.

Each permission contains

  • Group
  • 0-1 Status (records have status)
  • 0-1 Blocks (fields belong to blocks)
  • Read permission
  • Write permission

Differentiated FIELD level access

Fields belong to blocks.

Differentiated STATE level access

Permissions may be bound to a certain status.


Data/record filters [optional]

All ownership options can be overrided by belonging to a certain group, that ignores all types of filters (3 below).

Access to configuration: Designer > [solution] > Security - Filters

Ownership by data exclusive group

Designer attribute: Use Exclusive groups for access control

The solution contains a Exclusive group that defines a group with access to this piece of data.

  • Scope: Group
  • Cardinality: One

Ownership by data member lists

Designer attribute: Use Lists of members for each item

The solution contains a memberlist field where users can have their access added or removed. Behind the scenes a table with a relation between the record and the user is maintained.

  • Scope: User
  • Cardinality: Many

Ownership by being the creator

Designer attribute: Use Creator only restriction (ignore group recommended)

You must have created this record in order to see access it.

  • Scope: User
  • Cardinality: One