Define Additional Access Attribute Criteria
Explanation
This activity is used to define the Field Configuration table in Access
Attribute. This table controls what changes can be made to the data stored inside the logical
unit.
There are two types of records present in the table:
- The first type is responsible for filtering who has access to data. When an access attribute is
created, several such records appear automatically. They indicate what is checked when someone tries to access
the data. In most cases it will be the Company ID and Employee ID, but additional criteria can appear.
- The second type of records defines what actions can be performed on the data. These are the records
that you will most likely want to add or edit. You can allow authorizations, approvals, value changes and more.
Keep in mind that you do not create records for specific fields in the application, but for all data handled by a
logical unit.
Navigate to Access Attribute. Select the protected logical unit from the graphical object
structure and expand the structure to search for the relevant Attribute ID.
In the Column Name field, use the list of values to select the column that holds data that you want to
control. For example, the ExpenseHeader logical unit has the EXPENSE_STATUS column in it. This column
stores data about authorizations of expense status.
The Key Column field is used by records that specify what kind of key information is used to identify data.
The Old Value field specifies what values can be changed by an owner of the access attribute. The
attribute owner can change data only if they match contents of the Old Value field. For example, if
the EXPENSE_STATUS column has Old Value set to Approved, the supervisor will be able to modify
the expense only when it is approved. If the Old Value field is left empty, the attribute owner can modify
all data stored in the column.
The New Value field specifies what new values can be set by the owner of the access attribute. The
attribute owner can change data only to what is listed in the Old Value field. For example, if the
EXPENSE_STATUS column has New Value set to Authorize, the supervisor will be able only to
authorize the expense. If left empty, the owner will be able to modify the data to any state.
You can use following operators on New Value and Old Value fields:
- % (any value)
- > (larger than)
- >= (larger or equal to)
- < (less than)
- <= (less or equal to)
- != (not equal to)
- !% (no value)
- .. (between)
Note: Semi colon can be used to enter multiple values with the operators, where applicable.
In the Attribute Value field, you can select one of the following:
- Set Value to create an access lock. The application will remember with what access attribute level
(defined later in the Define Access Role activity) data has been changed. Anyone with a lower access
attribute level will be unable to override the data.
For Example, when a supervisor approves the expense, if this change is made with Set Value selected, no
one with a lower attribute level will be able to revert this change.
- Clear Value to remove the access lock. Once the attribute owner changes data, the application will
remove any existing access locks. Anyone with access to data will be able to change it, regardless of their
access attribute level.
For Example, if a supervisor wants to move the expense status back to the Confirmed state, and wants
someone else to do the approval, he should have a different record defined:
To revert approval back to confirmation, the EXPENSE_STATUS column should have Old Value set to
Approved, New Value set to Confirmed, and Attribute Value set to Clear Value.
In this case, Clear Value will allow supervisors with lower attribute level to do the approval (if they
have the relevant attribute assigned).
- If left empty, the access lock will be ignored. A supervisor will modify the data if he can, leaving
the previous access lock active.
Prerequisites
In order to perform this activity, an access attribute has to be created.
System Effects
As a result of this activity, additional access criteria will be added to an access attribute to determine who
has access and/or what actions can be performed on the data..