Defining Security Group Rules
After you define a target Security Group Object, you next configure one or more Security Group Rules (SGRs). SGR records define the Data Access Rules (DARs) to be automatically generated to grant record-level access to Security Group members. When you define an SGR for a Security Group Object, one DAR record is automatically generated for each target record, so that group members can see only records of the rule object that are related to the target object.
 |
DAR records are not generated for records of the target Security Group Object that have no related users linked through the Membership relationship.
|
To define Security Group Rules:
1. In Max Designer, click Developer Tools (
) > , and then in the left pane, search for and select the Security Group Rule object.
) > , and then in the left pane, search for and select the Security Group Rule object.2. In the left pane, click Records, and then in the list view, in the top left corner, click Create (
).
).3. On the record page, complete the fields as follows, and then in the top left corner, click Save and Close (
).
).|
Field
|
Value
|
||
|---|---|---|---|
|
Name
|
The name you want to use for the Security Group Rule.
|
||
|
Security Group Object
|
The object you want to use to generate Security Groups.
|
||
|
Rule Object
|
The object to which you want to restrict access by automatically generating Data Access Rules.
|
||
|
LHS of Filter Expression
|
The left-hand side of the filtering expression to be created in the DAR. In general, this is the full identifier of the field that points to records of the object specified in the Security Group Object field.
|
|
|
For DAR restriction behavior to function properly, users should have roles with permissions that grant read access to all records of the target object.
|