basic access controls

juan9
Giga Guru

I have an incident table.

There are four columns on the job table: category, sub-category, description, state.

I want the tenant user to be able to create records and only be able to edit the description column when state != 'closed'.

How can I achieve this?

This is what I think: I should give ACLs 1, 2, 3, 4 to the role tenant.

role: tenant

acl1: read on job.none

acl2: create on job.none

acl3: write on job.none

acl4: write on job.description when state != 'closed'

Other ACLs present:

acl5: write on job.category

acl6: write on job.sub-category

acl7: write on job.description

acl8: write on job.state

Does this work?

Is there a better way to do it?

2 REPLIES

Swapna Abburi
Mega Sage

Hi @juan9 

Based on your explanation, I am assuming tenant is a role in your instance. Your approach is right, but you don't need ACLs 5, 6 and 8, as you don't have a requirement of conditional write access on the category, subcategory and state fields.

Also, ACL 7 is not needed; it will be taken care of in ACL 4.

J Siva
Tera Sage

Hi @juan9 

ACLs 1, 2, 3, 4 will grant read, create, write (only to the description field) access to the user with the role 'tenant'.

To restrict them from editing the other fields, you can go with a job.* write ACL with the role 'Admin'.

So the system will not allow non-admin users to make changes to the other fields except description.

Hope this helps.

Regards,

Siva
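
A simplified model of the write checks discussed in this thread, added here as an example; it is not code from any of the posts and not ServiceNow's engine. The function names, the lowercase `admin` role string and the role on acl7 are assumptions, and the model compares three rule sets for a tenant user: acl3 and acl4 alone, those plus the `job.*` rule, and those with an unconditional acl7 left in place.

```javascript
// Simplified model of field-level ACL matching; NOT ServiceNow's engine.
// Assumptions: a rule passes when the user holds its role AND its condition
// holds; the most specific matching name decides (table.field before table.*);
// when several rules share a name, passing any one is enough; parent tables
// and global * rules are ignored.
function rulePasses(rule, user, record) {
  const condOk = rule.condition ? rule.condition(record) : true;
  return user.roles.includes(rule.role) && condOk;
}

// true/false if rules with this name exist, null if none do.
function anyPasses(rules, name, user, record) {
  const matching = rules.filter(r => r.name === name);
  if (matching.length === 0) return null;
  return matching.some(r => rulePasses(r, user, record));
}

function canWriteField(rules, table, field, user, record) {
  // The table-level rule (the thread's "job.none") must pass first.
  if (anyPasses(rules, `${table}.none`, user, record) !== true) return false;
  for (const name of [`${table}.${field}`, `${table}.*`]) {
    const result = anyPasses(rules, name, user, record);
    if (result !== null) return result;
  }
  return true; // no field-level rule: the table-level result stands
}

const notClosed = rec => rec.state !== 'closed';
// Write rules only: acl3 and acl4 from the question.
const acl3and4 = [
  { name: 'job.none', role: 'tenant' },
  { name: 'job.description', role: 'tenant', condition: notClosed },
];
// Plus the job.* rule suggested in the second reply.
const withWildcard = acl3and4.concat([{ name: 'job.*', role: 'admin' }]);
// Plus acl7 left in place and (assumption) granted to tenant.
const withAcl7 = withWildcard.concat([{ name: 'job.description', role: 'tenant' }]);

const tenant = { roles: ['tenant'] };
for (const [label, rules] of Object.entries({ acl3and4, withWildcard, withAcl7 })) {
  for (const field of ['category', 'description']) {
    for (const state of ['open', 'closed']) {
      console.log(label, field, state, canWriteField(rules, 'job', field, tenant, { state }));
    }
  }
}
```

In this model the tenant can still write category under acl3 and acl4 alone, loses that once the `job.*` rule exists, and regains write on description for closed records if an unconditional acl7 also applies to the tenant role.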