Object permissions
Define permissions for the Securable object
The Securable object contains data about the objects in your tenant for which permissions can be modified. The Access Control List allows you to define permissions for the Securable object. Modifying permissions for an object allows you to grant access to actions that affect the object, which can be executed from API calls or portal pages. You can grant a role full access, custom access, or no access to the object. You can also customize the level of access users have to the actions and fields within the object. The TenantAdministrator role has full access to all objects.
To define permissions for the Securable object, complete the following steps in the portal.
-
Go to the ACL page.Step InformationNote:The default location for the ACL page is Configuration > ACL. If the menu items for your tenant have been customized, it may be located elsewhere. For more information, contact your tenant administrator.
-
In the list, expand Object (System), and then select Securable Object.Step InformationResult: The list of roles displays, along with each role's access to the object.
-
Select a role from the list, and then select Modify.
-
In the context menu, select one of the following options.
-
To allow the role full access to the object, select Full Access.Note:This allows all users within the role to use API calls to add, read, modify, search, and update the object itself, and all fields within the object.
-
To prevent the role from being able to view the object, select No Access.
-
To customize the level of access the role will have to the object, select Custom Access.
Expected ResultResult: If you selected Full Access or No Access, a "Permissions Applied" message displays, indicating that the object permissions were successfully updated. If the role has access to any portal pages that use data from the object, the pages inherit the new permissions. -
-
If you selected Custom Access, under Action Level Permissions, turn the Execute switch on to allow, or off to disallow, each of the following actions.
-
Add: Allows the role to add new securables.
-
Read: Allows the role to view securables.
-
Modify: Allows the role to change the object definition for the Securable object.
-
Search: Allows the role to search for specific securables.
-
Update: Allows the role to upload new versions of existing securables.
-
-
If you selected Custom Access, under Field Level Permissions, turn the Read switch on to allow read access, or off to disallow read access, for each of the fields.Step InformationNote: Some fields are required for specific actions. For more information about the available fields, refer to .Field level permissions for the Securable object
-
If you selected Custom Access, under Field Level Permissions, turn the Update switch on to allow the role to update, or off to disallow update access, for each of the fields.Step InformationNote: Some fields are required for specific actions. For more information about the available fields, refer to Field level permissions for the Securable object
-
If you selected Custom Access, select Apply Permissions.Expected ResultResult: A "Permissions Applied" message displays, indicating that the object permissions were successfully updated. If the role has access to any portal pages that use data from the object, the pages inherit the new permissions.
-
Optional. To define whether the role can access the ACL page in the portal, Define permissions for the ACL page securable.
Postrequisite: If you want to allow the role to edit permissions for objects and pages, you must also Define permissions for the Securable Assignments object.
Field level permissions for the Securable object
The Access Control List (ACL) allows you to customize the level of access users have to the fields within the Securable object.
The list of fields is populated from the list of attributes in the Securable object. The following permissions can be modified for each field.
-
Read: allows or disallows read access.
-
Update: allows or disallows editing.
When modifying field level permissions, keep in mind that some fields are required for specific actions.
The following fields are available for the Securable object.
Name
The name of the securable.
Full access to this field is required when adding or editing a securable.
Areaname
The area in which the securable is grouped.
Full access to this field is required when adding or editing a securable.
Moduleid
The ID of the module to which the securable belongs.
Full access to this field is required when adding or editing a securable.
Createdby
The userid of the user who created a securable.
Full access to this field is required when adding a securable.
Updatedby
The userid of the user who last updated a securable assignment.
Full access to this field is required when adding or editing a securable assignment.
Description
The description associated with a securable.
Full access to this field is required when adding or editing a securable.
Securableid
The ID assigned to a securable.
Full access to this field is required when adding or editing a securable.
Whencreated
The date and time a securable was created.
Full access to this field is required when adding a securable.
Whenupdated
The date and time a securable was updated.
Full access to this field is required when adding or editing a securable.
Configuration
A list of all possible values for securable assignments, in json format.
Full access to this field is required when adding or editing a securable.
Define permissions for the Securable Assignments object
The Securable Assignments object contains data about the permissions held by roles in your tenant. The Access Control List allows you to define permissions for the Securable Assignments object. Modifying permissions for an object allows you to grant access to actions that affect the object, which can be executed from API calls or portal pages. You can grant a role full access, custom access, or no access to the object. You can also customize the level of access users have to the actions and fields within the object. The TenantAdministrator role has full access to all objects.
Important:The Authenticated User role has read access to the securable assignments object by default. DSI highly recommends that you do not revoke this access.
To define permissions for the Securable Assignments object, complete the following steps in the portal.-
Go to the ACL page.Step InformationNote:The default location for the ACL page is Configuration > ACL. If the menu items for your tenant have been customized, it may be located elsewhere. For more information, contact your tenant administrator.
-
In the list, expand Object (System), and then select Securable Assignments.Step InformationResult: The list of roles displays, along with each role's access to the object.
-
Select a role from the list, and then select Modify.
-
In the context menu, select one of the following options.
-
To allow the role full access to the object, select Full Access.Note:This allows all users within the role to use API calls to add, read, modify, search, and update the object itself, and all fields within the object.
-
To prevent the role from being able to view the object, select No Access.
-
To customize the level of access the role will have to the object, select Custom Access.
Expected ResultResult: If you selected Full Access or No Access, a "Permissions Applied" message displays, indicating that the object permissions were successfully updated. If the role has access to any portal pages that use data from the object, the pages inherit the new permissions. -
-
If you selected Custom Access, under Action Level Permissions, turn the Execute switch on to allow, or off to disallow, each of the following actions.
-
Add: Allows the role to add new securable assignments.
-
Read: Allows the role to view securable assignments.
-
Modify: Allows the role to change the object definition for the securable assignment object.
-
Search: Allows the role to search for specific securable assignments.
-
Update: Allows the role to upload new versions of existing securable assignments.
-
-
If you selected Custom Access, under Field Level Permissions, turn the Read switch on to allow read access, or off to disallow read access, for each of the fields.Step InformationNote: Some fields are required for specific actions. For more information about the available fields, refer to Field level permissions for the Securable Assignments object
-
If you selected Custom Access, under Field Level Permissions, turn the Update switch on to allow the role to update, or off to disallow update access, for each of the fields.Step InformationNote: Some fields are required for specific actions. For more information about the available fields, refer to Field level permissions for the Securable Assignments object
-
If you selected Custom Access, select Apply Permissions.Expected ResultResult: A "Permissions Applied" message displays, indicating that the object permissions were successfully updated. If the role has access to any portal pages that use data from the object, the pages inherit the new permissions.
-
Optional. To define whether the role can access the ACL page in the portal, Define permissions for the ACL page securable.
Postrequisite: If you want to allow the role to edit permissions for objects and pages, you must also Define permissions for the Securable object.
Field level permissions for the Securable Assignments object
The Access Control List (ACL) allows you to customize the level of access users have to the fields within the Securable Assignments object.
The list of fields is populated from the list of attributes in the Securable Assignments object. The following permissions can be modified for each field.
-
Read: allows or disallows read access.
-
Update: allows or disallows editing.
When modifying field level permissions, keep in mind that some fields are required for specific actions.
The following fields are available for the Securable Assignment object.
Roleid
The ID of the role that is being assigned to a securable.
Full access to this field is required when adding or editing a securable assignment.
Createdby
The userid of the user who created a securable assignment.
Full access to this field is required when adding a securable assignment.
Updatedby
The userid of the user who last updated a securable assignment.
Full access to this field is required when adding or editing a securable assignment.
Assignments
The permissions assigned to a role for the selected object or page.
Full access to this field is required when adding or editing a securable assignment.
Securableid
The ID of the securable to which a role is assigned.
Full access to this field is required when adding or editing a securable assignment.
Whencreated
The date and time a securable assignment was created.
Full access to this field is required when adding a securable assignment.
Whenupdated
The date and time a securable assignment was updated.
Full access to this field is required when adding or editing a securable assignment.
Securableassignmentid
The ID assigned to a securable assignment.
Full access to this field is required when adding or editing a securable assignment.
Define permissions for the ACL page securable
The Access Control List allows you to modify a role's permissions to the ACL page securable. This defines the role's level of access to the ACL page on the portal. This only controls access to the page itself. Access to the data within the page is inherited from the Securable object and the Securable Assignments object. You can grant a role full access, custom access, or no access to the ACL page securable. The TenantAdministrator role has full access to all objects.
Prerequisites:
-
If you want to allow users to view or edit the ACL page, you must also grant permissions for any parent pages in the menu structure. For example, if the ACL page is nested under Configuration, you must Define permissions for the Configuration page securable.
To define permissions for the ACL page securable, complete the following steps in the portal.
-
Go to the ACL page.Step InformationNote:The default location for the ACL page is Configuration > ACL. If the menu items for your tenant have been customized, it may be located elsewhere. For more information, contact your tenant administrator.
-
In the list, expand Page (System), and then select ACL Page Securable.Step InformationResult: The list of roles displays, along with each role's access to the page.
-
Select a role from the list, and then select Modify.
-
In the context menu, select one of the following options.
-
To allow the role full access to the page, select Full Access.
-
To prevent the role from being able to view the page, select No Access.
-
To customize the level of access the role will have to the page, select Custom Access.
Expected ResultResult: If you selected Full Access or No Access, a "Permissions Applied" message displays, indicating that the page permissions were successfully updated. -
-
If you selected Custom Access, under Top Level Permissions, for Page, turn the View switch on to allow read access to the page, or off to disallow read access.
-
If you selected Custom Access, select Apply Permissions.Expected ResultResult: A "Permissions Applied" message displays, indicating that the page permissions were successfully updated.
Loading...
There was a problem loading this topic