Manage Projection Grants¶
To customize Access Level for a Projection within a Permission Set, select a Projection in the list and use the Manage Projection Grants command. This navigates to the Projection Grant Detail page.
This will list all the pages and assistances that belong to the Projection. The View Page command can be used to navigate to pages in the list. Further, it will show what other Permission Sets are granted to the selected Projections.
Projection grants for a Permission Set can be regulated as a whole using the global Grant Read Only and Grant Full commands.
Projection Actions
There are two sub menus available to manage Entity Action Grants and Projection Action Grants for a selected Projection. When an action is selected in the actions list its corresponding usages show up in the usage list.
Projection Action Grants
Projection actions are invoked in the context of the whole Projection. They are not bound to any specific data source of the Projection.
Entity Action Grants
Entity actions are invoked in the context of a specific data source of the Projection.
- If a Projection is granted as Full, all available Entity Actions and Projection Actions are granted.
- If a Projection is granted as Read Only, none of the available Entity Actions or Projection Actions are granted.
- If you choose to change the access to individual Entity Actions or Projection Actions, the Projection Access Level will be set as Custom.
Manage Grants by Command
The Manage Grants by Command assistant is used to edit action grants based on a selection of client commands in the IFS Cloud Web.
In the first step all client commands applicable for pages utilizing the projection are listed. Select one or more commands for which access level for the actions invoked should be changed within the current permission set.
The second step will list all actions used by commands selected in the first step. In the action list current access level is presented and new access level can be set per action. To change new access level the Set To Revoke and Set To Grant commands may be used. New access level defaults to Granted.
Access level changes performed in the assistant are not limited to the commands selected in the first step of the assistant but affect all commands using the actions.
Access Level changes are applied once the Assistant is completed. The final page will show a summary of the actual changes applied.
Note: Please refresh the Security Cache from Refresh Server Cache page after revoking permissions.