Access Controls: Table.none vs Table.* - what's the difference

martinsk · ‎10-06-2017

Hi

Can someone clarify the difference is between a field-level acl in the form table.* and a record-level acl for that table? I'm assuming the wildcard scoops up all fields in the table, so what is it achieving that the table-level one isn't?

Thanks in advance.

Martin

snehabinani26 · ‎10-06-2017

Hi Martin,

Table.* is a field level ACL which gives Access to all field on that table.

Table.none is a row level ACL allows you to access records.

I usually use an "image" of an house with rooms to explain it.

Your record (table.none) is an house

table.* means all the rooms

table.comments is one precise room (living room) of the house

So I'm a painter and you asked me to paint your living room.

You give me write access to table.* but not to table.none, that means I'll be able to modify fields (enter into the living room) BUT I won't be able to save the information (enter into the house).

And as I'm very polite, I won't try to enter by breaking the windows, so please if you want me to paint your living room, give me an access to your house.

Btw, take care of giving table.* because you're letting me doing the access (reading / writing) of all the rooms of the house and sometimes we prefer to let some doors closed like the "office room" because we have private information there and I shouldn't (as a painter) have an access to these information.

In that specific case, I'll give my painter:

house.none write access
house.living_room write access
BUT not house.*

Hope this little explanation makes the things clearer, if not feel free to ask again

sergiu_panaite · ‎10-06-2017

Nice analogy

martinsk · ‎10-06-2017

Hi Sneha

Thanks for the speedy response, and the explanation.

I guess what I'm driving at is, if you give someone house.none (write) and house.* (write), isn't that the same as just giving them house.none (write)?

Martin

hbhm · ‎11-17-2017

Very nice way of explaining this.Very helpful.

Thanks