Define Additional Access Attribute Criteria
Explanation
This activity is used to define the Field Configuration
table in Access Attribute. This table controls what changes can be made
to the data stored inside the logical unit.
There are two types of records present in the table:
- The first type is responsible for filtering who has access to data. When an
access attribute is created, several such records appear automatically. They
indicate what is checked when someone tries to access the data. In most cases
it will be the Company ID and Employee ID, but additional criteria can appear.
- The second type of records defines what actions can be performed on the
data. These are the records that you will most likely want to add or edit.
You can allow authorizations, approvals, value changes and more. Keep in mind
that you do not create records for specific fields in the application, but for all data handled by
a logical unit.
Navigate to Access Attribute. Select the protected logical
unit from the graphical object structure and expand the structure to search
for the relevant Attribute ID.
In the Column Name field, use the list of values to select the column that holds
data that you want to control. For example, the ExpenseHeader logical
unit has the EXPENSE_STATUS column in it. This column stores
data about authorizations of expense status.
The Key Column field is used by records that specify
what kind of key information is used to identify data.
The Old Value field specifies what values can be changed by an
owner of the access attribute. The attribute owner can change data only
if it matches the contents of the Old Value field. For example, if the
EXPENSE_STATUS column has Old Value set to Approved, the supervisor will be
able to modify the expense only when it is approved. If the Old Value field is
left empty, the attribute owner can modify all data stored in the column.
The New Value field specifies what new values can be set by the owner of the access attribute.
The attribute owner can change data only to what is listed in the New
Value field. For example, if the EXPENSE_STATUS column has New
Value set to Authorize, the supervisor will be able only to
authorize the expense. If left empty, the owner will be able to modify the data to any state.
You can use the following operators on the New Value and
Old Value fields:
- % (any value)
- > (larger than)
- >= (larger than or equal to)
- < (less than)
- <= (less than or equal to)
- != (not equal to)
- !% (no value)
- .. (between)
Note: A semicolon can be used to enter multiple values with
the operators, where applicable.
In the Attribute Value field, you can select one of the
following:
- Set Value to create an access lock. The application will remember
with what access attribute level (defined later in the Define Access Role
activity) data has been changed. Anyone with a lower access attribute level will be
unable to override the data.
For example, when a supervisor approves the expense, if this change is
made with Set Value selected, no one with a lower attribute level
will be able to revert this change.
- Clear Value to remove the access lock. Once the attribute owner
changes data, the application will remove any existing access locks. Anyone
with access to data will be able to change it, regardless of their access
attribute level.
For example, if a supervisor wants to move the expense
status back to the Confirmed state, and wants someone else to do the
approval, he should have a different record defined:
To revert approval back to confirmation, the EXPENSE_STATUS column
should have Old Value set to Approved, New Value set
to Confirmed, and Attribute Value set to Clear Value. In
this case, Clear Value will allow supervisors with a lower attribute
level to do the approval (if they have the relevant attribute
assigned).
- If left empty, the access lock will be ignored. A supervisor will modify the
data if he can, leaving the previous access lock active.
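The interaction of Old Value, New Value and Attribute Value described above, as an added Python model that is not code from the application. It assumes numeric attribute levels where a larger number is a higher level, "SET"/"CLEAR" as stand-ins for Set Value/Clear Value, and a constructed "Rejected" status; the comparison operators are not modelled, only empty fields and semicolon-separated values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:                    # models one "action" record in Field Configuration
    column: str
    old_value: str             # "" = any current value may be changed
    new_value: str             # "" = any new value may be set
    attribute_value: str       # "SET", "CLEAR" or "" (encodings assumed here)

@dataclass
class Cell:
    value: str
    lock_level: Optional[int] = None   # level that created the access lock

def allowed(pattern: str, value: str) -> bool:
    """Empty field allows anything; otherwise a semicolon-separated list of literals."""
    return pattern == "" or value in [p.strip() for p in pattern.split(";")]

def try_change(cell: Cell, column: str, new: str, level: int, rules: list) -> bool:
    # Assumption: a lock blocks every user whose level is lower than the locker's.
    if cell.lock_level is not None and level < cell.lock_level:
        return False
    for r in rules:
        if r.column == column and allowed(r.old_value, cell.value) and allowed(r.new_value, new):
            cell.value = new
            if r.attribute_value == "SET":      # remember who locked the data
                cell.lock_level = level
            elif r.attribute_value == "CLEAR":  # drop any existing lock
                cell.lock_level = None
            return True                         # "" leaves the previous lock active
    return False                                # no record permits this change

def demo():
    rules = [Rule("EXPENSE_STATUS", "Confirmed", "Approved", "SET"),
             Rule("EXPENSE_STATUS", "Approved", "Confirmed", "CLEAR")]
    senior, junior = 2, 1                       # constructed attribute levels
    cell = Cell("Confirmed")
    steps = [("Approved", senior),    # allowed, lock set at level 2
             ("Confirmed", junior),   # denied: junior is below the lock level
             ("Confirmed", senior),   # allowed, lock cleared
             ("Approved", junior),    # allowed now that the lock is gone
             ("Rejected", senior)]    # denied: "Rejected" (constructed) has no record
    results = [try_change(cell, "EXPENSE_STATUS", new, lvl, rules) for new, lvl in steps]
    return results, cell

if __name__ == "__main__":
    print(demo())
```

Walking a planned set of records through a model like this before entering them helps spot a missing Clear Value record that would leave data locked at a high attribute level.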
Prerequisites
In order to perform this activity, an access attribute has to be created.
System Effects
As a result of this activity, additional access criteria will be added to an
access attribute to determine who has access and/or what actions can be
performed on the data.