Record ACL rules consist of table and field names.
The table name specifies the table you want to secure. If other tables extend from it, then this table is considered to be a parent table. ACL rules for parent tables apply to any table that extends the parent table.
The field name specifies the field that you want to secure. Some fields are part of multiple tables because of table extension. ACL rules for fields in a parent table can be applicable to any table that extends the parent table.
ACL rules can secure the following record operations:
| Operation | Description |
|-----------|-------------|
| Create | Allows users to insert new records (rows) into a table. |
| Read | Allows users to display records from a table. |
| Update | Allows users to update records in a table. |
| Delete | Allows users to remove records from a table or drop a table. |
The processing of record ACL rules goes as follows:
1. Match the object against table ACL rules.
2. Match the object against field ACL rules.
This order ensures that users get access to more general objects before getting access to more specific objects. A user must pass both table and field ACL rules to access a record object.
If a user fails a table ACL rule, then access to all fields in the table is denied, even if the user passes a field ACL rule.
If a user passes a table ACL rule but fails a field ACL rule, the user cannot access the field described by the field ACL rule.
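
The table-then-field order and the parent-table inheritance described above can be traced with a small model. This is an added example, not ServiceNow code: the rules, roles and table hierarchy are constructed sample data, and the handling of missing rules (no table rule means deny, no field rule means the table result stands) and the most-specific-table lookup are assumptions of the model.

```javascript
// Simplified model of the evaluation order described above; not ServiceNow's engine.
// Constructed sample data: "incident" extends "task".
const PARENT = { incident: "task", task: null };

// Constructed rules: name is "table" (table rule) or "table.field" (field rule).
const RULES = [
  { name: "task", operation: "read", roles: ["itil"] },
  { name: "task", operation: "update", roles: ["itil"] },
  { name: "task.work_notes", operation: "read", roles: ["itil"] },
  { name: "task.work_notes", operation: "update", roles: ["itil_admin"] },
  { name: "incident.caller_id", operation: "read", roles: ["auditor"] },
];

// The table followed by every table it extends, most specific first.
function chain(table) {
  const out = [];
  for (let t = table; t; t = PARENT[t]) out.push(t);
  return out;
}

// Rules from the nearest table in the chain that defines any for this
// object and operation (assumption: the most specific table wins).
function findRules(table, field, operation) {
  for (const t of chain(table)) {
    const name = field ? `${t}.${field}` : t;
    const hits = RULES.filter(r => r.name === name && r.operation === operation);
    if (hits.length) return hits;
  }
  return [];
}

// A user passes a set of rules by holding a role that any one of them requires.
const passes = (rules, userRoles) =>
  rules.some(r => r.roles.some(role => userRoles.includes(role)));

function checkAccess(userRoles, table, field, operation) {
  // Step 1: table ACL rules. Assumption: no matching table rule means deny.
  if (!passes(findRules(table, null, operation), userRoles)) return "denied:table";
  // Step 2: field ACL rules. Assumption: a field with no rule of its own
  // is governed by the table result alone.
  const fieldRules = findRules(table, field, operation);
  if (fieldRules.length && !passes(fieldRules, userRoles)) return "denied:field";
  return "allowed";
}
```

In this model, a user holding only the constructed `auditor` role is denied `incident.caller_id` at the table step even though the field rule names that role, which is the case the last two statements describe.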