Data Access Control
With the introduction of the Data Access Control (DAC) framework with CRUD access to IFS Cloud, security is enhanced because only relevant data is exposed to the user. Different users can access the same dataset, but each user can view only the data they are authorized to see, based on the requirements. For more information, see Data Access Control.
Applying data access control for entity reads through ODP
When the OData Provider receives a request to read an entity collection or an entity, it fetches the applicable ACLs published for the projection entity and weaves these conditions into the generated SQL statement.
These injected conditions in the SQL statement ensure that only the data that the user is permitted to access is included in the query results. Data visibility is therefore adjusted per user, according to the permissions granted to that user.
In addition to the basic scenario described above, the OData Provider also supports DAC for entity data read through navigations and expands.
Refer to the following diagrams for more details on the ACL application to SQL statements.
Root Entity
Navigation
Expand
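The weaving described above, as an added sketch that is not IFS code: a per-entity condition is applied to a root read, a navigation and an expand over constructed SQLite data. The table names, the ACL format, the `:uid` bind and the fail-closed default are all assumptions made for the illustration.

```python
import sqlite3

# Constructed ACL conditions (hypothetical format): {a} = table alias, :uid = caller.
SITE = "{a}.site IN (SELECT site FROM user_site WHERE user_id = :uid)"
ACL = {"customer_order": SITE, "order_line": SITE}

def acl(entity, alias):
    # Assumption of this sketch: fail closed when no condition is published.
    return ACL.get(entity, "1 = 0").format(a=alias)

def read_root(db, uid):
    # Root entity: the condition is ANDed into the WHERE clause.
    sql = (f"SELECT o.order_no FROM customer_order o "
           f"WHERE {acl('customer_order', 'o')} ORDER BY o.order_no")
    return [r[0] for r in db.execute(sql, {"uid": uid})]

def read_navigation(db, uid, order_no):
    # Navigation order -> lines: source and target are both filtered here.
    sql = (f"SELECT l.line_no FROM order_line l "
           f"JOIN customer_order o ON o.order_no = l.order_no "
           f"WHERE o.order_no = :order_no AND {acl('customer_order', 'o')} "
           f"AND {acl('order_line', 'l')} ORDER BY l.line_no")
    return [r[0] for r in db.execute(sql, {"uid": uid, "order_no": order_no})]

def read_expand(db, uid):
    # Expand: the expanded entity carries its own condition in the join.
    sql = (f"SELECT o.order_no, l.line_no FROM customer_order o "
           f"LEFT JOIN order_line l ON l.order_no = o.order_no "
           f"AND {acl('order_line', 'l')} "
           f"WHERE {acl('customer_order', 'o')} ORDER BY o.order_no, l.line_no")
    out = {}
    for order_no, line_no in db.execute(sql, {"uid": uid}):
        out.setdefault(order_no, [])
        if line_no is not None:
            out[order_no].append(line_no)
    return out

def demo_db():
    # Constructed sample data: alice may see site S1, bob sites S1 and S2.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customer_order(order_no TEXT, site TEXT);
        CREATE TABLE order_line(order_no TEXT, line_no INTEGER, site TEXT);
        CREATE TABLE user_site(user_id TEXT, site TEXT);
        INSERT INTO customer_order VALUES ('C1','S1'),('C2','S2');
        INSERT INTO order_line VALUES ('C1',1,'S1'),('C1',2,'S2'),('C2',1,'S2');
        INSERT INTO user_site VALUES ('alice','S1'),('bob','S1'),('bob','S2');
    """)
    return db
```

The caller's identity travels only as the bind value `:uid`; the condition text comes from the constructed `ACL` table, never from the request.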