Security/Data restrictions
Understanding permissions
Data access is retricted in two ways
- Mandatory permissions granting access to
- Certain groups of fields (blocks)
- Records in certain status
- Optional filters binding certain data to certain users
- Owner user
- List of users
- Per group
Permissions [mandatory]
Permissions to solutions are granted as a sum of multiple permissions.
Each permission contains
- Group
- 0-1 Status (records have status)
- 0-1 Blocks (fields belong to blocks)
- Read permission
- Write permission
Differentiated FIELD level access
Fields belong to blocks.
Differentiated STATE level access
Permissions may be bound to a certain status.
Filters [optional]
All ownership options can be overrided by belonging to a certain group, that ignores all types of filters (3 below).
Access to configuration:
Designer > [solution] > Security - Filters
Ownership by data exclusive group
Designer attribute: Use Exclusive groups for access control
The solution contains a Exclusive group that defines a group with access to this piece of data.
- Scope: Group
- Cardinality: One
Ownership by data member lists
Designer attribute: Use Lists of members for each item
The solution contains a memberlist field where users can have their access added or removed. Behind the scenes a table with a relation between the record and the user is maintained.
- Scope: User
- Cardinality: Many
Ownership by being the creator
Designer attribute: Use Creator only restriction (ignore group recommended)
You must have created this record in order to see access it.
- Scope: User
- Cardinality: One