The second level of security in SocrateCloud is role data access. For any given role, one can continue to refine the security settings by defining access to specific tables, columns or records. To open the Role Data Access window, go to System Admin -> General Rules -> Security. The window contains a subset of fields also found in the Role window. See Roles for details.
In this tab you can define access to specific tables. To do this click on the New record button and complete the respective fields:
Table - here you can select the desired table from the list field;
Active - indicates whether the security rule is active;
Exclude - indicates whether the security rule will stop the selected access type to this table. If this box is left unchecked, the security rule allows the selected access type to this table;
Access Type list field - contains Accessing, Exporting or Reporting. Select to indicate for which type of access this security rule applies:
Accessing - the Read Only checkbox will appear. Check this box if you want the User to be able to read the records in this table, without being allowed to insert, update or erase the records.
Exporting - the Can Export checkbox will appear. Check this box if you want the User to be allowed to export records from this table. Leave the box unchecked if you want to restrict the record export from this table.
Reporting - the Can Report checkbox will appear. Check this box if you want the User to be able to report records from this table. Leave the box unchecked if you want to restrict the record reporting from this table.
Note:
if you use Table Access to grant access to Reporting and Exporting, the Can Report and Can Export boxes need to be selected in the Role window;
the user needs to have the right to report on a table in order to have the right to export from a table.
In this tab you can define access to specific columns. To do this click on the New record button and complete the respective fields:
Table, Column - describe the column for which the access rule is defined;
Active - indicates whether this security rule is active;
Exclude - indicates whether this security rule will block the access to this column. If the checkbox is deselected, access to this column is allowed;
Read Only - indicates whether users of this role will be allowed to see the column but not update it.
The Record Access tab displays the tables for which record access security rules were defined. Select the Record ID button to display the record for which the security rule was defined. If you want to deactivate the record access rule, deselect the Active checkbox.
To define a record access security rule:
Open any window and display the record to which you want to impose the restriction (click on Record ID). While pressing the CTRL key, click on the Block Personal Record button on the toolbar. More about the Block Personal Record button in Record Blocking. The Record Access Dialog will be displayed.
Select the Role to which this record access security rule will be applied.
Check the Active checkbox to denote that this security rule is active.
Check the Exclude checkbox to restrict access to this specific record. If this box is not selected, then the access is granted to this specific record and the access to all other records in the table will be restricted (excluding those specifically included).
Check the Read Only checkbox if this role shouldn't be allowed to update or delete the record.
Check the Dependent Entities checkbox if access should also be restricted to entities using this record.
Select the OK button to save the record.
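The Exclude and Read Only behaviour from the steps above, modelled as an added example (not SocrateCloud code) to show how a single include rule turns a table into an allow-list for the role. The role and table names are constructed; the model assumes an Exclude rule wins over an include rule on the same record and ignores Read Only, and it does not cover Dependent Entities.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RecordRule:
    role: str
    table: str
    record_id: int
    active: bool = True
    exclude: bool = True
    read_only: bool = False

def _live(rules, role, table):
    # Rules with Active deselected are ignored.
    return [r for r in rules if r.active and r.role == role and r.table == table]

def record_access(rules, role, table, record_id):
    """Return 'none', 'read' or 'write' for one record (record rules only)."""
    live = _live(rules, role, table)
    hits = [r for r in live if r.record_id == record_id]
    if any(r.exclude for r in hits):
        return "none"  # assumption: Exclude wins and ignores Read Only
    included = [r for r in hits if not r.exclude]
    if not included and any(not r.exclude for r in live):
        return "none"  # another record is included, so the table is an allow-list
    if any(r.read_only for r in included):
        return "read"
    return "write"

def allow_listed_tables(rules, role):
    """Tables where an include rule restricts every record not listed."""
    return sorted({r.table for r in rules
                   if r.active and r.role == role and not r.exclude})

# Constructed sample rules; role and table names are placeholders.
RULES = [
    RecordRule("Sales", "Order", 1001, exclude=True),
    RecordRule("Sales", "Partner", 500, exclude=False, read_only=True),
    RecordRule("Sales", "Partner", 501, exclude=False),
    RecordRule("Sales", "Invoice", 77, active=False, exclude=False),
]

if __name__ == "__main__":
    for table, rec in [("Order", 1001), ("Order", 1002), ("Partner", 500),
                       ("Partner", 501), ("Partner", 502), ("Invoice", 78)]:
        print(table, rec, record_access(RULES, "Sales", table, rec))
    print("allow-listed:", allow_listed_tables(RULES, "Sales"))
```

Running `allow_listed_tables` over an exported rule set is a quick review check for tables where an unchecked Exclude box has restricted every record that is not listed.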
Personal Lock allows the User to restrict the access to a specific record. If you select the Record Blocking checkbox in the Role window, then only that User and those Users assigned to the Roles with the Personal Access checkbox selected will have access to the record. This Security Rule is above any other previously defined Security Rule.
If a Role has the Personal Lock checkbox selected, the following icon will appear in the toolbar:
The open lock indicates that this record is open to all Users:
The closed lock indicates that this record is open only to the User who has set the record blocking and to the users assigned to a role with the Personal Access on.
The Personal Lock Records report displays a list of blocked/restricted records and related information: record table, record ID, date they were blocked and the user that blocked the record.