You can create ACL rules on the different components of the systemcan be applied to various components such as records, tables, fields.
Record ACL Rules
Record ACL rules consists of include table and field names.
- The table name specifies the table you want to secure. If other tables extend from it If a table has extending tables, then this table is considered to be called a parent table. ACL rules for a parent tables apply to any table that extends the parent tabletable work for its child tables as well.
- The field name specifies the field that you want to secure. Some fields are part of multiple tables because of table extension. ACL rules for fields As a result of table extension, some tables share the same fields. ACL rule for a field in a parent table can be applicable to any table that extends the parent table.
- works for the same field in child tables as well.
ACL rules can restrict access to operations listed in the table below. See the ACL article to learn more.
| Operation | Description |
|---|---|
| Create | Allows users |
| inserting new records (rows) into a table. | |
| Read | Allows users |
| displaying records from a table. |
| Write | Allows users |
| updating records in a table. | |
| Delete | Allows users |
| removing records from |
| a table. |
The processing of record ACL rules
goes as follows:processes checking in the following order:
- Table
- ACL rules.
- Field ACL rules.
This order
ensures that users getestablishes hierarchy: first, users gain access to a more general
objects before getting access toobject and then to a more specific
objects. A userone. To access a record, users must pass both table and field ACL rules
to access a record object.
- If
- a table ACL rule does not permit access, then access to all fields in the table is denied, even if the user
- meets the field ACL rule requirements.
- If a
- table ACL rule allows access, but
- a field ACL rule denies it, then access to the fields is denied.
Table ACL Rules
First, the table ACL rule must be passed. The base system includes wildcard (*) ACL rules that match any table or any column. So the user must always pass at least one table ACL rule. Access to some specific tables is secured by additional table ACL rules.
Table ACL rules processes checking in the following order:
- Table. For example, Incident.
- Parent table. In our example, it will be the
- Task table.
- Match any table name (*).
If a user does not meet any table ACL checks, the access is restricted to all fields in any tables. If a user meets a table ACL check, they are to pass the field ACL rules.
Field ACL Rules
When a table ACL rule is passed, field ACL rules start checking in the following order:
- Table and column name. For example, incident.number.
- Parent table and column name. For example, task.number, parent table of the Incident table.
- Any table (*) and column name. For example, *.number.
- Table and any fields (*). For example, incident.*.
- Parent table and any columns. For example, task.*.
- Any table (*) and any fields (*). For example, *.*.
The user must pass the field ACL rule; otherwise, access to the table fields will be denied. For example, a user wants to access the Number field in the Incident table. In this case, the user must first pass the table ACL rule.
If the first field ACL rule is passed, the ACL evaluation stops at the column level: the system stops searching other matching field ACL rules. For example, if user meets the requirements of the field ACL rule for incident.number, the system stops searching for other ACL rules that secure the Number field in the Incident table, i.e., only step 1 is taken.
Processor ACL Rules
System Security → Access Control (ACL)
Table ACL Rules
Field ACL Rules| Table of Contents | ||||
|---|---|---|---|---|
|