ACL Question: <tablename> vs <tablename>.* ???

howard8 · ‎02-10-2014

Hi All,

Sorry if this is a silly question but I have read the wiki and still don't understand the difference between 2 types of ACL rule. What's the difference between <table> and <table>.* when used in an ACL. My instance seems to have both rules repeated on several tables and I don't understand if one is incorrect or if they serve different purposes. Maybe I have missed something in the wiki. If someone can explain it, maybe with an example, I would really appreciate it.

Thanks in advance.

Howard Elton.

david_legrand · ‎02-10-2014

Hi Howard,

It's not a silly question and in fact it's easy to understand when you know it

I'm usually use an "image" of an house with rooms to explain it.

Your record (table.none) is an house

table.* means all the rooms

table.comments is one precise room (living room) of the house

So I'm a painter and you asked me to paint your living room.

You give me write access to table.* but not to table.none, that means I'll be able to modify fields (enter into the living room) BUT I won't be able to save the information (enter into the house).

And as I'm very polite, I won't try to enter by breaking the windows, so please if you want me to paint your living room, give me an access to your house.

Btw, take care of giving table.* because you're letting me doing the access (reading / writing) of all the rooms of the house and sometimes we prefer to let some doors closed like the "office room" because we have private information there and I shouldn't (as a painter) have an access to these information.

In that specific case, I'll give my painter:

house.none write access
house.living_room write access
BUT not house.*

Hope this little explanation makes the things clearer, if not feel free to ask again

View solution in original post

eican · ‎02-10-2014

Nice — I like that picture of an house â˜º