Have a Question?
< All Topics

Security Settings Example: allow_on_pass

A customer was having trouble setting up their security settings so that a particular user group could access (read access) any asset records for which the asset type was a specific type, which we will call it “TypeA”. They also wanted update rights when the asset belonged to a particular department. We shall call it “Department1”.

The only permissions that are in any way affected by the query are the permissions set to “Allow on Pass”. All asset records will be affected by the other permission settings, either being set to Always Allow or Always Deny. So in the above case, with the two Object/Data objects as presented, a user in the user group will be denied Update, Create, and Deny in all cases, and allowed to see the Asset records when it is of asset type TypeA and department Department1, with the second Object/Data object overriding the first.

The correct way to accomplish the settings the customer wants is as follows:


Of note, is the use of “<No Value>” . “No Value” is actually very useful in that it limits the scope of theObject/Data’s affect on permissions. We don’t want records that pass the query for the second Object/Data to deny Update rights when the record had just passed the query on the first Object/Data (Update: Allow on Pass), so we use “Update: <No Value>”.

Table of Contents