This view contains two permissions views. In one, the permissions of a permissions group are edited for the tables and columns of the data model; in the other, the current permissions situation is established by the permissions simulation.
The permissions displayed in the edit permissions view always relate to the permissions group that is selected in the toolbar. You can add, edit and delete permissions for the permissions group for tables or columns.
Each of the permissions in the view is represented by a check box. If the check box is not active, the corresponding permission is withdrawn. If the check box is set, the corresponding permission is allowed.
NOTE: Use SHIFT + left mouse button or CTRL + left mouse button to select multiple tables or columns for editing.
Icon | Meaning |
---|---|
Table | |
Column | |
Foreign key column (FK) | |
Primary key column (PK) | |
Context Menu Item | Meaning |
---|---|
New | Adds a new table or column permission for a permissions group or account user. |
Delete | Deletes a table or column permission for a permissions group or account user. |
Copy | Copies table (column) permissions from the selected permissions group or system user. |
Paste | Inserts copied table (column) permissions into the selected permissions group. |
Copy all permissions | Copies all table (column) permissions from the selected permissions group. |
Paste all permissions | Inserts all copied table (column) permissions into the selected permissions group. |
Navigation | Shows all other editors that can be used with the selected object. |
Use the Options item in the Permissions Editor menu with its predefined filters and filter conditions to limit the number of tables displayed in the editing and simulating permissions view.
Filter | Meaning |
---|---|
Show all tables | Shows all database model tables. |
Show non-system tables | Only shows tables from the application data model. |
Show system tables | Only shows tables from the system data model. |
Show disabled tables | Disabled tables are displayed as well. |
You also have the option to set up ad hoc filters and permanent filters. Ad hoc filters are used for one-off searches. These filters are not saved and are immediately applied to the display. A permanent filter is recommended if you want to reuse it more frequently. Permanent filters are saved and are therefore always available for use.
You can give tables the following permissions.
Permissions | Meaning |
---|---|
Viewable | The table data is displayed. |
Insertable | New data can be added to the table. |
Editable | Table data can be edited. |
Deletable | Table data can be deleted. |
NOTE: If permissions "Insertable", "Editable" or "Deletable" are granted, "Viewable" permissions are implicit. In this case, the option Viewable is grayed out in the Permissions Editor.
You can limit table elements by setting conditions for viewing, editing, inserting and deleting. This makes it possible to link the editability of employee data sets to their names, for example. In this way, a user can be given read access only to employee data where the last names begin with A-F, and write access to employee data from G-Z.
NOTE: Limiting conditions can only be defined for application database tables.
Condition | Meaning |
---|---|
for viewing | Limiting condition for displaying data sets. |
for editing | Limiting condition for editing data sets. |
for inserting | Limiting condition for inserting data sets. |
for deleting | Limiting condition for deleting data sets. |
Format your condition like a where-clause in a database query.
For example, if the user should be able to view all employees, but only edit those with a last name beginning with "B", you can format the condition for editing as follows:
Lastname like 'B%'
TIP: Use the SQL check button to test the condition. This checks the syntax. The number of objects that comply is returned.
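The following is an added example, not code from One Identity Manager: it previews which rows a limiting condition for editing would cover and counts the complying rows, using Python's sqlite3 as a stand-in database. The Employee table, its rows and the function names are constructed for illustration; only the Lastname condition comes from the text above. SQLite's LIKE ignores ASCII case, so whether "baker" complies in a real system depends on that database's collation.

```python
import sqlite3

# Constructed sample data: table "Employee" and its rows are hypothetical.
ROWS = [(1, "Baker"), (2, "Brown"), (3, "Adams"), (4, "Zhou"),
        (5, "baker"), (6, None), (7, "Abbot")]


def open_sample_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Employee (Id INTEGER PRIMARY KEY, Lastname TEXT)")
    db.executemany("INSERT INTO Employee VALUES (?, ?)", ROWS)
    return db


def check_condition(db, condition):
    """Syntax-check a limiting condition and count the rows that comply."""
    # The condition is administrator-authored configuration and is inserted
    # as-is; it must never be assembled from end-user input.
    sql = f"SELECT COUNT(*) FROM Employee WHERE ({condition})"
    try:
        return db.execute(sql).fetchone()[0]
    except sqlite3.Error as exc:
        raise ValueError(f"condition rejected: {exc}") from None


def preview_edit_scope(db, condition):
    """Split row Ids into editable, view-only and undecided (NULL) lists."""
    check_condition(db, condition)  # fail early on a syntax error
    rows = db.execute(
        f"SELECT Id, ({condition}) FROM Employee ORDER BY Id").fetchall()
    editable = [i for i, hit in rows if hit == 1]
    # A condition that evaluates to NULL (unknown) does not comply, so rows
    # with a missing Lastname stay view-only; list them separately for review.
    undecided = [i for i, hit in rows if hit is None]
    view_only = [i for i, hit in rows if hit != 1]
    return editable, view_only, undecided


if __name__ == "__main__":
    db = open_sample_db()
    print(check_condition(db, "Lastname like 'B%'"))
    print(preview_edit_scope(db, "Lastname like 'B%'"))
```

Reviewing the undecided list before saving a condition shows which records fall outside it only because the compared column is empty.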
IMPORTANT: When you grant column permissions, you must apply the same permissions to the tables. This means that a column is only visible when the table is too.
You can grant the following permissions for columns:
Permissions | Meaning |
---|---|
Viewable | The column is displayed. |
Editable | The values in the columns can be changed. |
Insertable | The value in the column can be edited when a new data record is created. Once the data record has been saved, it can no longer be edited. For example, when an Active Directory User is created, an Active Directory Container is defined. Because this is a key field, the Active Directory Container cannot be changed after the object has been saved. |
NOTE: If permissions "Insertable", "Editable" or "Deletable" are granted, "Viewable" permissions are implicit.
© 2021 One Identity LLC. ALL RIGHTS RESERVED.