Understanding access control
Usages
TS are based on a principle of building ONE application for MANY users.
Instead of building and maintaining multiple user interfaces, rules declarations restrict what a user can do
- What fields are available
- When records are available
- Whet records ara available
Practically any set of rules can be built combining Field access and Dataownership.
Access policies
The basic Access policies controls the users access to
- Which Fields are available
- Which Status can be accessed
Permission policies stack together and include
- User group
- Field group (optional)
- Status (optional)
This allows for many combination usecases such as
Let Manageres READ all data anytime Let Manageres EDIT the pricing when Status is Draft Let Customers READ all data when Status is Order delivered Let Administrators EDIT anything anytime except Pricing
Data ownership
Data ownership will restrict which record in an entity the user can see.
Different access restrictions exists
- Group membership (aka Exclusive groups)
- Personal record
- Access control lists
- Named users
- Named groups
Classic Multi tenancy is built by utilizing group data ownership.
Note: Depending on the setup the server can run with single or multiple Exclusive groups.
Other access controls
Many other components in the platform have configuration options to make them available to a single group