Difference between revisions of "About Roles and Data Visibility"
From AgileApps Support Wiki
imported>Aeric |
imported>Aeric |
||
| Line 1: | Line 1: | ||
<noinclude>__NOINDEX__</noinclude> | <noinclude>__NOINDEX__</noinclude> | ||
====Standard Access Controls==== | |||
A user's access to data is normally determined by a number of factors, shown here. It is also possible to define custom access criteria, described subsequently. | A user's access to data is normally determined by a number of factors, shown here. It is also possible to define custom access criteria, described subsequently. | ||
| Line 25: | Line 25: | ||
::* When user lacks permission to view an object, they will be able to view the record in that object by following a link to it (for example, in the task's <tt>Related To</tt> field). They also see the record when completing the task. But there is no tab for viewing other records in that object, and a search will not reveal it. | ::* When user lacks permission to view an object, they will be able to view the record in that object by following a link to it (for example, in the task's <tt>Related To</tt> field). They also see the record when completing the task. But there is no tab for viewing other records in that object, and a search will not reveal it. | ||
====Custom Access Controls==== | |||
[[Custom Access Criteria]] can be defined. Those criteria can evaluate field values and apply functions to return true or false for different kinds of actions that can be taken on a record. | [[Custom Access Criteria]] can be defined, as well. Those criteria can evaluate field values and apply functions to return true or false for different kinds of actions that can be taken on a record. | ||
For example, records with a salary in excess of | For example, records with a salary in excess of a certain amount can be made available to designated roles, only. | ||
Revision as of 01:13, 13 May 2014
Standard Access Controls
A user's access to data is normally determined by a number of factors, shown here. It is also possible to define custom access criteria, described subsequently.
- The user's Access Profile specifies global access permissions and administrative permissions.
- The Application Access settings determine which applications the user can run. The Objects available to the user are therefore the combination of
- a. Objects that are part of the running application
- b. Objects that are shared from other applications.
- The user's Role in the application, as specified by the Application Access settings, specifies high-level access rights to individual application objects. (The privileges granted in Access Profiles and Roles are additive. If either the Access Profile or the Role grants permission to perform some operation on an object, then the user has that permission.)
- Visibility Controls determine whether records owned by others are visible and optionally, whether they can be modified.
- Team Data Sharing Policies, which allow data to be shared across Teams. (These settings override the record-level access permissions specified in the individual's Visibility Controls.)
- Field Visibility, when used, specifies data visibility at the Field level.
- Task-based access allows access to records that may not otherwise be visible:
- Users who own a Task, or whose team owns the task, can view the record the Task is attached to.
- If the Task has open ownership, the record the Task is attached to can be viewed by anyone, for as long as the Task is unassigned.
- When a Process Task specifies that the task is to be closed with an accompanying Form, the user can view and edit record the Task is attached to while they are completing the task.
- When user lacks permission to view an object, they will be able to view the record in that object by following a link to it (for example, in the task's Related To field). They also see the record when completing the task. But there is no tab for viewing other records in that object, and a search will not reveal it.
Custom Access Controls
Custom Access Criteria can be defined, as well. Those criteria can evaluate field values and apply functions to return true or false for different kinds of actions that can be taken on a record.
For example, records with a salary in excess of a certain amount can be made available to designated roles, only.