You can create customized ACL rules to secure access to objects and operations while handling your daily tasks.
Role required: security_admin
Elevate your privileges to this role to create ACL rules or perform any other operations with them.
To create an ACL rule, please complete the following steps:
- Navigate to System Security → Access Control.
- Click New and fill in the fields.
- Click Save or Save and Exit to apply changes.
ACL check is performed using three fields combined:
- Roles
- Condition
- Script.
First, the check verifies that the user has a role specified in the Role ID field. After this, the next step is the condition check, if a specific condition has been set. If the condition is empty, the Script field is then used to check for specific conditions, attributes, or checks.
If any of these steps fail, then the ACL check fails, too.
This basic scheme can be helpful for understanding.
Access control fields
Field | Mandatory | Description |
---|---|---|
Name | Y | The name of the object to secure, either the record name or the table and field names. This field supports wildcard character asterisk (*) in place of a record, table, or field name to select all objects that match a record type, all tables, or all fields. A wildcard character and a text search cannot be combined. For example, pro* is not a valid ACL rule name, but problem.* and *.task are valid ACL rule names. |
Operation | Y | Select the operation this ACL secures. Available options:
One ACL rule can secure only one operation. To secure more than one operation, create a separate ACL rule for each of them. |
Any Tables | N | If this checkbox is selected, then the ACL rule will secure ALL tables in the system. When it is checked, the Table field is hidden until the checkbox is cleared. |
Table | Y | Select a table to be secured. If you want to secure more than one table, create a separate ACL rule for each of them. This field is mandatory. |
Description | N | Enter a description of the object or permissions this ACL rule secures. |
Roles | N | Specify the role that the user must have to pass this ACL check. After the role is specified, the users that do not have this role will not pass this check. More than one role can be selected. Roles are chosen out of the Roles (sys_role) dictionary. |
Active | N | If this checkbox is selected, then this ACL rule is active. |
Admin Overrides | N | If this checkbox is selected, then users with the admin role automatically pass the permissions check for this rule. Admin users pass regardless of what script or role restrictions apply. Clear this checkbox if these users must pass the security checks specified in this ACL rule to get access to the secured object. Use the condition builder or the Script field to create a permissions check that administrators must pass. |
Any Fields | N | If this checkbox is selected, then the ACL rule will secure ALL columns in the system. When it is checked, the Column field is hidden until the checkbox is cleared. |
Column | N | Select a column to be secured. If you want to secure more than one column, create a separate ACL rule for each of them. |
Condition | N | Use this condition builder to select the fields and values that must be met for users to access the object. |
Script | N | Here you can enter a custom script describing the permissions required to access the object. The script must return an answer variable set to a value of true or false. |
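
The check order and the Name wildcard rule described above can be modelled in a few lines of JavaScript. This is an added example, not the platform's code: `validAclName`, `checkAcl` and the rule, user and record shapes are hypothetical. It assumes that holding any one listed role is enough, that an empty condition or script passes, and that a script error fails closed.

```javascript
// Added model of the ACL check described on this page; not platform code.
// Hypothetical names: validAclName, checkAcl, and the rule/user/record shapes.

// A name is one part (record) or two parts (table.field). Each part is plain
// text or a lone "*"; mixing them ("pro*") is invalid.
// Assumption: plain parts use letters, digits and underscores.
function validAclName(name) {
  const parts = name.split('.');
  return parts.length <= 2 &&
    parts.every((p) => p === '*' || /^[A-Za-z_][A-Za-z0-9_]*$/.test(p));
}

function checkAcl(rule, user, record) {
  // Admin Overrides: admins pass regardless of role or script restrictions.
  if (rule.adminOverrides && user.roles.includes('admin')) {
    return { pass: true, decidedBy: 'admin_overrides' };
  }
  // 1. Roles (assumption: holding any one of the listed roles is enough).
  if (rule.roles.length > 0 && !rule.roles.some((r) => user.roles.includes(r))) {
    return { pass: false, decidedBy: 'roles' };
  }
  // 2. Condition, only when one is set (assumption: an empty one passes).
  if (rule.condition && !rule.condition(record)) {
    return { pass: false, decidedBy: 'condition' };
  }
  // 3. Script must yield true; errors or non-boolean results fail closed
  //    (assumption, chosen as the safe default).
  if (rule.script) {
    let answer = false;
    try { answer = rule.script(user, record); } catch (e) { answer = false; }
    if (answer !== true) return { pass: false, decidedBy: 'script' };
  }
  return { pass: true, decidedBy: 'all_checks' };
}

// Constructed sample rule, users and record.
const rule = {
  name: 'task.description', roles: ['itsm_agent'], adminOverrides: false,
  condition: (rec) => rec.state !== 'closed',
  script: (user, rec) => rec.assignedTo === user.id,
};
const agent = { id: 'u1', roles: ['itsm_agent'] };
const admin = { id: 'u2', roles: ['admin'] };
const openTask = { state: 'open', assignedTo: 'u1' };

console.log(validAclName('pro*'), validAclName('problem.*'), validAclName('*.task'));
console.log(checkAcl(rule, agent, openTask));  // passes every step
console.log(checkAcl(rule, admin, openTask));  // stopped at the roles step
console.log(checkAcl({ ...rule, adminOverrides: true }, admin, openTask));
```

With Admin Overrides cleared, the admin user in the sample is stopped at the roles step like any other user, which is the behaviour the Admin Overrides row describes.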