Versions Compared

Old Version 3

changes.mady.by.user Igor Shakhbazyan

Saved on

compared with

New Version Current

changes.mady.by.user Anna Kryzhanovskaya

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You can create ACL rules on the different components of the systemcan be applied to various components such as records, tables, fields.

Record ACL Rules

Record ACL rules consists of include table and field names.

  • The table name specifies the table you want to secure. If other tables extend from it If a table has extending tables, then this table is considered to be called a parent table. ACL rules for a parent tables apply to any table that extends the parent tabletable work for its child tables as well.
  • The field name specifies the field that you want to secure. Some fields are part of multiple tables because As a result of table extension, some tables share the same fields. ACL rules rule for fields a field in a parent table can be applicable to any table that extends the parent table.works for the same field in child tables as well.

ACL rules can restrict access to operations listed in the table below. See the ACL article to learn more.ACL rules can secure the following record operations:

OperationDescription 
CreateAllows users to insert inserting new records (rows) into a table.
ReadAllows users to display displaying records from a table.
UpdateWriteAllows users to update updating records in a table.
DeleteAllows users to remove removing records from a table or drop a table.

The processing of record ACL rules goes as follows:

Match the object against table

processes checking in the following order:

  1. Table ACL rules.
Match the object against field
  1. Field ACL rules.

This order ensures that users get establishes hierarchy: first, users gain access to a more general objects before getting access to object and then to a more specific objects. A user one. To access a record, users must pass both table and field ACL rules to access a record object.

  • If a user fails a table ACL rule does not permit access, then access to all fields in the table is denied, even if the user passes a field meets the field ACL rule requirements.
  • If a user passes a table ACL rule allows access, but fails a field ACL rule . the user cannot access the field described by the field ACL rule.denies it, then access to the fields is denied.

Image AddedImage Removed

Table ACL Rules

First, the table ACL rule must be passed. The base system includes STAR wildcard (*) table ACL rules that match every any table or any column. So the user must always pass at least one table ACL rule. The base system provides Access to some specific tables is secured by additional table ACL rules to control access to specific tables.

Table ACL rules are processed processes checking in the as described belowfollowing order:

  1. Match the table belowTable. For example, Incident.Match the parent
  2. Parent table name. For In our example, taskit will be the Task table.
  3. Match any table name (*). For example, *.

If a user fails ALL does not meet any table ACL ruleschecks, then the user cannot access the access is restricted to all fields in any tables. If a user passes meets a table ACL rulecheck, the system then evaluates the they are to pass the field ACL rules.

Field ACL Rules

After

When a table ACL rule is passed,

then

field ACL

rules are processed

rules start checking in the following order:

  1. Match the table Table and field column name. For example, incident.number.Match the parent
  2. Parent table and field column name. For example, task.number, parent table of the Incident table.
  3. Match any Any table (*) and field column name. For example, *.number.
  4. Match the table Table and any field fields (*). For example, incident.*.Match the parent
  5. Parent table and any field (*)columns. For example, task.*.
  6. Match any Any table (*) and any field fields (*). For example, *.*.
A

The user must pass the

table

field ACL rule; otherwise, access to the table fields will be denied. For example

: the

, a user wants to access the Number field in the Incident table. In this case, the user must first pass the table ACL rule.

The

If the first

successful

field ACL rule is passed, the ACL evaluation stops

ACL rule processing

at the

field level. When a user passes a field ACL rule,

column level: the system stops searching

for

other matching field ACL rules. For example, if

a

user

passes

meets the requirements of the field ACL rule

for

for incident.number, the system stops searching for other ACL rules that secure

the 

the Number

 field

 field in the

incident table

Incident table, i.e., only step 1 is taken.

Table of Contents
absoluteUrltrue
classfixedPosition