
on 02-07-2020 02:31 AM
ACL (Access Control List)
An instance uses access control list (ACL) rules, also called access control rules, to control what data users can access and how they can access it. (Simply restricting data.)
ACL rules require users to pass a set of requirements in order to gain access to particular data.
Each ACL rule specifies:
- The object and operation being secured
- The permissions required to access the object
Table ACL Rule
The user must first pass the table ACL rule. Since the base system includes STAR (*) table ACL rules that match every table, the user must always pass at least one table ACL rule. The base system provides additional table ACL rules to control access to specific tables.
Table ACL rules are processed in the following order:
1. Match the table name. For example, incident.
2. Match the parent table name. For example, task.
3. Match any table name (*). For example, *.
If a user fails all table ACL rules, the user cannot access the fields in any table. If a user passes a table ACL rule, the system then evaluates the field ACL rules.
Field ACL Rule
After a user passes a table ACL rule, field ACL rules are processed in the following order:
1. Match the table and field name. For example, incident.number.
2. Match the parent table and field name. For example, task.number.
3. Match any table (*) and field name. For example, *.number.
4. Match the table and any field (*). For example, incident.*.
5. Match the parent table and any field (*). For example, task.*.
6. Match any table (*) and any field (*). For example, *.*.
Define (None, (*), Field):
These terms are defined through the examples.
Examples:
Action | Role 1 | Role2 | User with Role 1 | User with Role 2 | |
Read | table.none | table.none | Can read all field | Can read all field | |
Write | table.none | table.none | Cannot Read form and field | Cannot Read form and field | |
Read | table.none | table.none | Can Read all Field | Can See table without field | |
Read | table.* | ||||
Read | table.none | table.none | Can Read all Field except field | Can See only the field | |
Read | table.* | table.field | |||
Read | table.none | table.none | Can read all field except the field | Can Read all fields | |
Read | table.* | table.* | |||
Read | table.field | ||||
Read | table.none | table.none | Can Read all Fields | can Read all except the field | |
Read | table.field | ||||
Read | table.none | table.none | Can Read and Write all fields | Can Read all fields | |
Write | table.none | ||||
Read | table.none | table.none | Can Read all Fields | Can Read all Fields | |
Write | table.none | table.* | |||
Read | table.none | table.none | Can Read and Write all fields | Can Read and Write all fields | |
Write | table.none | table.none | |||
Read | table.none | table.none | Can Read and Write all fields | Can Read all fields | |
Write | table.none | table.none | |||
write | table.* | ||||
Read | table.none | table.none | Can Read and Write all fields | Can Read and Write all fields | |
Write | table.none | table.none | |||
Write | table.* | table.* | |||
Read | table.none | table.none | Can read all and write all field except the field | Can Read all Fields | |
Write | table.none | ||||
Write | table.field | ||||
Read | table.none | table.none | Can Read all fields | Can Read and Write all fields | |
Write | table.none | table.none | |||
Write | table.* | ||||
Write | table.field | ||||
Read | table.none | table.none | Can Write all fields except the one field | Can Read and Write all fields | |
Write | table.none | table.none | |||
Write | table.* | table.* | |||
Write | table.field | ||||
Read | table.none | table.none | Can Read all the fields | Can Read all the fields | |
Write | table.field | ||||
Read | table.none | table.none | Can Write one field but read all field | Can Write one field but read all field | |
Write | table.none | table.none | |||
Write | table.*(with answer=false) | table.*(with answer=false) | |||
Write | table.field | table.field | |||
Read | table.none | table.none | Can write only one field | Can Write all Fields except one field | |
Write | table.none | table.none | |||
Write | table.field | table.* | |||
Read | table.none | table.none | Can Read and Write all the fields | Can write all Fields except one | |
Write | table.none | table.none | |||
Write | table.field | ||||
Read | table.none | Can see only one field | Security Constraint issue | ||
Read | table.* | ||||
Read | table.field | ||||
Thanks,
Shrutika
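The table and field match order described in the post above, traced in code. This is an added example, not part of the original post and not ServiceNow code; the hierarchy, the rule objects, the role names and the function names are constructed for illustration.

```javascript
// Constructed hierarchy for illustration: incident extends task.
const PARENT = { incident: 'task' };

// Constructed sample rules; role_1 and role_2 are hypothetical role names.
const RULES = [
  { name: '*',               operation: 'read',  role: 'role_1' },
  { name: 'task',            operation: 'read',  role: 'role_2' },
  { name: 'incident.*',      operation: 'read',  role: 'role_1' },
  { name: 'task.number',     operation: 'read',  role: 'role_2' },
  { name: 'incident.number', operation: 'write', role: 'role_1' },
];

// Table ACL names in the order the post lists: table, parent table, then *.
function tableAclOrder(table) {
  const parent = PARENT[table];
  return [table, ...(parent ? [parent] : []), '*'];
}

// Field ACL names in the post's order: the named field on each table
// level first, then any field (*) on each table level.
function fieldAclOrder(table, field) {
  const tables = tableAclOrder(table);
  return [...tables.map(t => `${t}.${field}`), ...tables.map(t => `${t}.*`)];
}

// Existing rules for one operation, sorted into the given match order and
// annotated with whether the user's roles satisfy each rule.
function rulesInOrder(order, rules, operation, roles) {
  return order.flatMap(name => rules
    .filter(r => r.name === name && r.operation === operation)
    .map(r => ({ name, passed: roles.includes(r.role) })));
}

// Trace which rules apply to table.field, in evaluation order.
function trace(rules, roles, operation, table, field) {
  const tableRules = rulesInOrder(tableAclOrder(table), rules, operation, roles);
  // Per the post: a user who fails all table ACL rules cannot access any
  // field, so field rules are only looked at after a table rule passes.
  const tablePassed = tableRules.some(r => r.passed);
  const fieldRules = tablePassed
    ? rulesInOrder(fieldAclOrder(table, field), rules, operation, roles)
    : [];
  return { tablePassed, tableRules, fieldRules };
}

console.log(trace(RULES, ['role_1'], 'read', 'incident', 'number'));
```

The trace only lists the matching rules in order with a pass or fail per rule; how the platform combines several field rules into a final decision is not stated in the post and is left out.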
Hi Shrutika,
Can you explain the last example? How will it give only one field access to a user with Role1?