ACL rules allow securing access to objects and operations depending on your needs while handling your daily tasks.

Role required: security_admin.

Elevate your privileges to this role to create ACL rules or perform any other operations with them.

To create an ACL rule, please complete the following steps:

  1. Navigate to System Security → Access Control (ACL).
  2. Click New and fill in the fields.
  3. Click Save or Save and Exit to apply changes.

An ACL check is performed using three fields combined:

  1. Roles
  2. Condition
  3. Script.

If the Roles field of the ACL rule is empty, the check moves on to the Condition field, if a condition is specified. If the Condition field is empty, the check moves on to the Script field, which can test for specific conditions, attributes, or other checks.

If any of these steps fail, then the ACL check fails, too.

The scheme below represents the ACL check process:


Access control fields

| Field | Mandatory | Description |
|---|---|---|
| Name | Y | This field is read-only and is populated automatically by the system after the record is saved. The word in square brackets indicates the operation. The name after the first period indicates the secured table, and the name after the second period indicates the column (if one is specified in the Column field). Examples: [Delete].sys_history and [Read].sys_history.created_by. This field supports the asterisk (*) wildcard character in place of a record, table, or field name, which allows selecting all objects matching a record type, all tables, or all fields. A wildcard character and a text search cannot be combined. Good: problem.* and *.task. Bad: pro* |
| Operation | Y | Select the operation to secure. Available options: create, read, write, delete. One ACL rule can secure only one operation. To secure more than one operation, create a separate ACL rule for each of them. |
| Any Tables | N | Select this checkbox to secure all tables in the system. When selected, the Table field is hidden until the checkbox is cleared. |
| Table | Y | Specify a table to be secured. One ACL rule can secure only one table. To secure more than one table, create a separate ACL rule for each of them. |
| Description | N | Enter a description of the object or permissions this ACL rule secures. |
| Roles | N | Specify the role required to pass the ACL check. After the role is specified, users who do not have this role will not pass this check. You can select several roles. Roles are chosen from the Roles (sys_role) dictionary. |
| Active | N | If this checkbox is selected, then this ACL rule is active. |
| Admin Overrides | N | Select this checkbox for the system administrators (with the admin role) to pass the ACL rule automatically. Admin users will access the object or operation regardless of the existing restrictions. Clear this checkbox to have the system administrators go through the security checks to access the secured object. Define filters in the condition builder or in the Script field to create a permissions check that admin users must meet to get access. |
| Any Fields | N | If this checkbox is selected, the ACL rule will secure all columns in the system. When selected, the Column field is hidden until the checkbox is cleared. |
| Column | N | Select a column to be secured. One ACL rule can secure only one column. To secure more than one column, create a separate ACL rule for each of them. |
| Condition | N | Define permissions to be met by selecting fields and values in the condition builder. |
| Script | N | Specify a script implementing the permissions to be met. The script must return an answer variable equal to 'true' or 'false'. |
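
The check order (Roles, then Condition, then Script), the Admin Overrides checkbox and the Name-field wildcard rule can be modelled in a few lines of JavaScript. This is an added example, not code from the platform or its documentation: the object shapes, the role name itsm_agent, the "any one listed role is enough" rule, the fail-closed handling of the script answer and the allowed name characters are all assumptions made for illustration.

```javascript
// Added illustration: a standalone model, not platform code. The rule, user
// and record shapes and the role name "itsm_agent" are hypothetical.

// Name-field wildcard rule: "*" may stand in for a whole table or column
// name but cannot be mixed with text. Assumption: names are [A-Za-z0-9_]+.
function isValidTarget(target) {
  const parts = target.split('.');
  if (parts.length > 2) return false;
  return parts.every((p) => p === '*' || /^[A-Za-z0-9_]+$/.test(p));
}

// Check order described above: Roles, then Condition, then Script.
// An empty field is skipped; any failing step fails the whole check.
function checkAcl(rule, user, record) {
  // Admin Overrides: users with the admin role pass automatically.
  if (rule.adminOverrides && user.roles.includes('admin')) return true;
  // Assumption: with several roles listed, holding any one of them passes.
  if (rule.roles.length > 0 && !rule.roles.some((r) => user.roles.includes(r))) return false;
  if (rule.condition && !rule.condition(record)) return false;
  // Assumption: fail closed unless the script's answer is exactly true.
  if (rule.script && rule.script(user, record) !== true) return false;
  return true;
}

// Constructed sample: only the assigned agent may write to open records.
const writeProblem = {
  target: 'problem.*', operation: 'write', adminOverrides: true,
  roles: ['itsm_agent'],
  condition: (rec) => rec.state !== 'closed',
  script: (usr, rec) => usr.id === rec.assigned_to,
};
const openRec = { state: 'open', assigned_to: 'u1' };
const closedRec = { state: 'closed', assigned_to: 'u1' };
const agent = { id: 'u1', roles: ['itsm_agent'] };
const otherAgent = { id: 'u2', roles: ['itsm_agent'] };
const admin = { id: 'u9', roles: ['admin'] };

console.log(checkAcl(writeProblem, agent, openRec));      // assigned agent, open record
console.log(checkAcl(writeProblem, otherAgent, openRec)); // script step fails
console.log(checkAcl(writeProblem, agent, closedRec));    // condition step fails
console.log(checkAcl(writeProblem, admin, closedRec));    // Admin Overrides selected
console.log(checkAcl({ ...writeProblem, adminOverrides: false }, admin, closedRec));
console.log(['problem.*', '*.task', 'pro*'].map(isValidTarget));
```

The last checkAcl call shows why Admin Overrides deserves review on sensitive tables: with the checkbox cleared, the same admin user is denied because the Roles step applies to them like anyone else.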

