Difference between revisions of "Custom Access Criteria"
imported>Aeric
(9 intermediate revisions by the same user not shown)
Latest revision as of 00:34, 4 April 2014
Custom Access Criteria lets you specify who can access/update/delete individual records, based on the data in the record, characteristics of the current user, and any other available information.
- Compare with: Roles, Field Visibility (Role-Based Field Visibility)
About Custom Access Criteria
Custom Access Criteria can be used in place of Data Access Permissions. Custom Access Criteria are a set of rules which define the Users who can perform any of the following Actions on Records in Objects:
Rules are built by combining User and Object fields with Formula Functions to build Boolean Expressions (which evaluate to True or False). When a rule associated with an action evaluates to True, the user has access to the records and can perform the action.
- For other uses, see Access Controls.
- The Custom Access Criteria option is managed by a Service Provider admin
- This feature is disabled by default
- Learn more: Tenant Configuration Options
How it Works
- In an inventory management system, all records in the Inventory Object are visible to everyone (all Users). However, the operational policy states that only users with a valid Cost center code for the Purchasing Department can Add, Update, or Delete Inventory records.
- Although it is possible to design access controls based on standard Data Access Permissions, it could become a recurring, complex task; because users and teams are dynamic and change frequently, role- and team-based controls must be updated as the business structure evolves.
- A better solution is to add a Custom Access Criteria, which would act as follows:
  - On an add, update or delete action for any inventory record, verify that the user record contains a valid Cost center code from the Purchasing department, then display the records
  - On a view action (View a record or View a List of records), display the records
Users that have the Customize Objects permission can select Custom Access Criteria and build Access Control rules
Add Custom Access Criteria
To add or edit Custom Access Criteria:
- Click Designer > Objects
- Select an object
- Click the [Edit] button
- From the Properties tab, Access Control section, choose one of the following options:
  - Role Based Permissions: Default
    - No rules specified, matches LongJump Platform through V6.2
    - Enforces Role- and Team-based access control (Data Access Permissions)
  - Custom Access Criteria
    - If selected, Role Based Access Control is not enforced
    - Create criteria for any (or all) of the available actions
- In the Custom Access Criteria Builder, complete the following information:
- Click the Edit link to create or edit an action rule:
  - Note: Owner and Creator fields are available as criteria, where Owner is the Record Owner and Creator is the Record Creator
  - Owner and Creator fields are not available in List View or Record View Actions
- Click the [Check Syntax] button to verify that the formula is valid and returns a Boolean value (i.e. True or False)
  - Learn more: Formula Expressions
About Building Custom Access Criteria
Considerations for building Custom Access Criteria:
- If the Custom Access Criteria option is enabled, then the Data Access Permissions are not enforced by default
- If the Custom Access Criteria is enabled and the action fields are empty, then all users have access to all records for all available actions
- Fields available to build criteria are:
  - Fields in the Object
  - Rollup Summary Fields
  - Fields in the Users Object, including custom fields
- For Add and Update actions, the formula is evaluated using the new field values (i.e., values that are part of the add/update action, not the field values in the database prior to the action)
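The considerations above and the inventory scenario from How it Works, modeled in Python as an added example (not platform code and not the platform's formula syntax). The action names, the `site` field, the cost center values, and the handling of fields absent from an update are assumptions made for the illustration.

```python
from typing import Callable, Dict, List, Optional

User = Dict[str, object]
Record = Dict[str, object]
Rule = Callable[[User, Record], bool]

ACTIONS = ("add", "update", "delete", "view")   # assumed action names
PURCHASING_CODES = {"PUR-100", "PUR-200"}       # constructed sample values


def purchasing_only(user: User, record: Record) -> bool:
    """Rule from the inventory scenario: user holds a Purchasing cost center code."""
    return user.get("cost_center_code") in PURCHASING_CODES


def same_site(user: User, record: Record) -> bool:
    """Hypothetical rule comparing a record field with a user field."""
    return record.get("site") == user.get("site")


class CustomAccessCriteria:
    """Models one object with the Custom Access Criteria option selected."""

    def __init__(self, rules: Dict[str, Optional[Rule]]):
        self.rules = rules  # action -> rule; missing or None means an empty field

    def allowed(self, action: str, user: User,
                stored: Optional[Record] = None,
                new_values: Optional[Record] = None) -> bool:
        rule = self.rules.get(action)
        if rule is None:
            return True  # empty action field: all users may perform the action
        record = dict(stored or {})
        if action in ("add", "update"):
            # The formula sees the submitted values, not the stored ones.
            # Assumption: fields absent from the request keep their stored value.
            record.update(new_values or {})
        return bool(rule(user, record))

    def open_actions(self) -> List[str]:
        """Review helper: actions whose rule is empty and so open to everyone."""
        return [a for a in ACTIONS if self.rules.get(a) is None]


INVENTORY = CustomAccessCriteria({
    "add": purchasing_only, "update": purchasing_only, "delete": purchasing_only,
})  # "view" is left empty on purpose, matching the scenario
```

Running `open_actions()` over each object's rule set before selecting the option shows which actions would be open to all users because their field was left empty.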
About Importing Data
When importing data into an object where Custom Access Criteria rules are applied, no validations are performed at this time. This means that any data can be imported, regardless of the Custom Access Criteria rules.