You can create customized ACL rules to secure allow securing access to objects and operations depending on your needs while handling your daily tasks.
| Tip |
|---|
Role required: security_admin. Elevate your privileges to this role to create or perform any other operations with ACL rules. |
To create an ACL rule, please complete the following steps:
- Navigate to the System Security → Access Control (ACL).
- Click New and fill in the fields.
- Click Save or Save and Exit to apply changes.
| Tip |
|---|
ACL check is performed using three fields combined:
If the user does not have any role specified in the Role ID field, after this Roles field of the ACL rule is empty, the next step is the condition check, if there is any specific condition was put down. If the condition Condition field is empty, then the Script field is to check for the specific conditions, attributes, or checks. If any of these steps fail, then the ACL check fails, too. This basic scheme can be helpful for understanding.The scheme below represents the ACL check process:
|
Access control fields
| Field | Mandatory | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Name | Y | record name or the table and field names. This field is read-only and will be populated automatically by the system after saving the record. The word in square brackets indicates the operation. The name after the first period indicates the secured table, and the column (if there is one specified in the Column field) after another period: [Delete].sys_history [Read].sys_history.created_by
| ||||||||||||
| Operation | Y | Select the operation to secure. Available options:
| ||||||||||||
| Any Tables | N | If Select this checkbox is selected, then the ACL rule will secure ALL to secure all tables in the system. When it checkedselected, the table Table field will be hidden until unchecked. | ||||||||||||
| Table | Y | Select Specify a table to be secured.
| ||||||||||||
| Description | N | Enter a description of the object or permissions this ACL rule secures. | ||||||||||||
| Roles | N | Specify the role that the user must have required to pass this the ACL check. After After the role is specified, the users that who do not have this role will not pass this check. More than one role can be selectedYou can select several roles.
| ||||||||||||
| Active | N | If this checkbox is selected, then this ACL rule is active. | ||||||||||||
| Admin Overrides | N | If Select this checkbox is selected, then users for the system administrators (with the admin role automatically ) to pass the permissions check for this ACL rule automatically. Admin users pass will access the object or operation regardless of what script or role restrictions applythe existing restrictions. Clear this checkbox if these users must take security checks specified in this ACL rule to get access to to have the system administrators take the security checks to access the secured object. Use Define filters in the condition builder or in the Script field to create a permissions check that administrators must passadmin users must meet to get access. | ||||||||||||
| Any Fields | N | If this checkbox is selected, then the ACL rule will secure ALL all columns in the system. When it checked, the column Column field will be hidden until unchecked,. | ||||||||||||
| Column | N | Select a column to be secured.
| ||||||||||||
| Condition | N | Use this condition builder to select the Define permissions to be met by selecting fields and values that must be met for users to access the objectin the condition builder. | ||||||||||||
| Script | N | Here you can enter Specify a customscript describingimplementing the permissions requiredto access the objectbe met. The script must return an answer variable set to a value of true or false.an answer variable equal to 'true' or 'false'. |
