A Permission Set Filter is a user defined restriction of entity access. It can be used as an addition to activity grants in a Permission Set. The addition of filters to granted activities is a way to achieve data row security. Note this only applies the activities and services used for instance by BizAPI's.
Existing permission set filters can be displayed by selecting the List Permission Set Filter option in the Solution Manager/Configuration/Permission Set Filters folder. All filters are presented in a list, see figure 1 below. This list can be grouped and sorted on a number of columns such as Entity, Created By, Modified By and Filter Type.
The actual definition of the filter can be viewed in the Manage Permission Set Filter window. Use the Show Details... right mouse option to navigate.
To register a new permission set filter select the New Permission Set in the navigator. In the Activities tab right click on the activity that the filter needs to be created for and select Create Filter... menu option. If there are more than one Entity, a dialogue box will be popped up and select the Entity from the dialog box. You will be directed to Create Permission Set Filter.
You can also create a filter by selecting the Create Permission Set Filter in the navigator. To edit a filter, select the filter in the list, right click and then select the Show Details... menu option.
For each filter a unique name needs to be given. You also need to register the entity for which the filter applies to. A SQL Where Expression should also be given. The latter holds the actual entity instance restriction that will be executed when the filter is applied.
Figure 1. Example of a permission set filter used for filtering out languages.
The Column Picker window displays all columns for the given entity. Click the Column Picker link to open up window, a valid entity must be registered for this to work.
Figure 2. The column picker for the language code entity.
You can use drag and drop to build up the where expression. Left click on a column and drag it to the SQL Where Expression field. Then release the button, the selected column name will now be added to the where expression. The column name will be added with the &0. prefix. The use of prefix makes sure that the filter works even if applied to an activity where the given entity is joined with other entities.
Note: Context Substitution Variables functionality is not supported in SQL Where Expression.
Filters can be exported and later imported at another installations of IFS Applications. This is done by selecting the Import Filter... or Export Filter... right menu options. These options are available in both the Manage Permission Set Filter and List Permission Set Filter feature. The List feature allows exporting and importing of multiple filters at the same time. The filters are stored in xml files, one file per filter. The xml file name corresponds to the filter name.