Skip to content

Exclude a Projection from Data Access Control

Due to Functional, performance or security concerns, some Projections may not be used for Data Access Control. In such a cases, those projections should be explicitly excluded from Configuration Access Control Lists to prevent user confusion.

The Impact of Excluding a Projection

When a projection is excluded, Data Access Control (DAC) filters will not apply to that projection. IFS excludes a set of projections by default and refines this list with each major release update. Additionally, system administrators can also exclude projections from the DAC framework based on business requirements.

Excluded by default - This determines if projections are excluded by IFS due to architectural design decisions and security or performance concerns.

Since DAC is applied to both model entities and projection entities, the following rules apply:

  • The projection will not be listed creating a new Access Control List (ACL) for the Projection entity.
  • The projection will not be listed when applying an existing ACL.
  • To successfully add a new projection to the exclude list, ensure that it is not already associated with any ACLs.

When to exclude a projection

Excluding an API from access control allows unrestricted access to specific endpoints but should be done cautiously to avoid security risks. This may be appropriate in scenarios such as:

  • When the API is for administrative or internal use with access controlled by other mechanisms (e.g., service accounts).
  • High-performance read-heavy queries where performance would be impacted by DAC.
  • System configuration tables that store static data or settings, such as System Parameters.

How to exclude a projection

  1. Navigate to the Exclude List.

    • Go to: Solution Manager → Access Control → Excluded Projections

  2. Click ‘Add to List’ to select projections to exclude.

  3. Select the projections you want to exclude and provide a reason for excluding the selected projection(s). Click ‘OK’ to confirm.

  4. Once confirmed, the selected projections will be added to the Excluded Projections List.

How to remove a projection from the exclude list

Select the projection and click ‘Remove from List’.

NOTE:

Only projections that have not been excluded by default are eligible for removal.