Managing Attribute-Based Security Rules

Administration > Working with the Type and Attribute Management Utility > Managing Types > Type Information Page > Attributes Tab > Managing Attribute-Based Security Rules

Managing Attribute-Based Security Rules

Administrators can set access rules for attributes. These rules grant or deny access to a specific instance of an object. This access is based on the value of an attribute on that object, where the attribute’s legal values are defined by an enumeration (a list-based attribute or list attribute) on that object.

You can manage access rules on root types and most primary types. You cannot manage access rules on subtypes or most secondary types of a synchronized type set.

Attribute-Based Security Rules on Synchronized Type Sets

Refer to the following table to determine if attribute-based security rules (ABSRs) are allowed on a synchronized type set. For more information on synchronized type sets, see Synchronized Types.

Category Type	Type	Attribute-Based Security Rules Allowed
Primary	BOM	Yes
Secondary	BOM Link	No
Primary	Collection	Yes
Secondary	Colorway	Yes
Secondary	Colorway-Season Link	Yes
Primary	Colorway-Size	No
Secondary	Colorway-Size to Season	No
Secondary	Colorway-Size to Source	No
Primary	Construction	Yes
Secondary	Construction Detail	No
Primary	Cost Sheet Product	Yes
Secondary	Cost Sheet Colorway	No
Primary	Material	Yes
Secondary	Material Color to Collection	No
Secondary	Material Pricing Entry	No
Secondary	Material Supplier	Yes
Secondary	Material Supplier to Collection	No
Secondary	Material to Collection	No
Primary	Measurements	Yes
Secondary	Measurements POM	No
Primary	Order Confirmation	Yes
Secondary	Order Confirmation Detail	No
Primary	Palette	Yes
Secondary	Palette to Color	No
Secondary	Palette to Material	No
Secondary	Palette to Material Color	No
Secondary	Placeholder	Yes
Primary	Plan	Yes
Secondary	Plan Detail	No
Primary	Product	Yes
Secondary	Product Season Link	Yes
Primary	RFQ	Yes
Secondary	RFQ Detail	No
Secondary	RFQ Response	Yes
Primary	Sample	Yes
Secondary	Sample Request	Yes
Primary	Season Group	Yes
Secondary	Season Group to Product	No
Secondary	Season Group to Colorway	No
Primary	Size Definition	Yes
Secondary	Size Definition to Season	Yes
Primary	Sourcing Configuration	Yes
Secondary	Sourcing Configuration to Colorway	No
Secondary	Sourcing Configuration to Season	No
Primary	Test Specification	Yes
Secondary	Test Condition	No
Secondary	Test Details	No
Secondary	Test Method	No
Secondary	Test Property	No
Secondary	Test Standard	No

Viewing Attribute-Based Security Rules

To view access rules, do the following:

1. Under Manage Types, select a valid type.

2. On the type information page, from the Actions menu, click Manage Attribute-Based Security Rules. The defined rules appear in read-only mode in the Attribute-Based Security Rules window.

3. Click the close icon

to close the window.

Creating Attribute-Based Security Rules

To create a new access rule, do the following:

1. Under Manage Types, select a valid type.

2. On the type information page, from the Actions menu, click Edit to enable editing.

3. From the Actions menu, click Manage Attribute-Based Security Rules.

4. Click the create new attribute access rule icon

.

5. In the Create New Attribute ACL window, from the Attribute list, select the attribute whose value controls access. The Attribute list contains the list attributes that are configured on the root level of the selected type.

If applicable, the list also contains the list attributes that are configured on the root level of any secondary types that belong to the primary type's synchronized type set and support the use of attribute-based security rules. For more information, see Attribute-Based Security Rules on Synchronized Type Sets.

6. The Values list populates with values based on the enumeration associated to the selected list attribute.

7. To apply the rule to a specific value, from the Values list, select the value and click Add. The value appears in the Chosen list.

8. From the Action list, select an action:

◦ Create

◦ Delete

◦ Update

◦ View

9. From the Rule Type list, select a rule type:

◦ Deny

◦ Grant Only To

10. From the Groups list, select the groups the rule applies to and click Add. The group appears in the Chosen list.

11. Click Finish. The new rule appears in the Attribute-Based Security Rules table.

12. Click the close icon

to close the window.

For example, if the Subassembly Insertion Mode attribute is set to Prompt User for Link or Copy, then all the users in the Attribute Administrators group cannot use the Delete action on this particular BOM instance.

Deleting Attribute-Based Security Rules

To delete access rules, do the following:

1. Under Manage Types, select a valid type.

2. On the type information page, from the Actions menu, click Edit to enable editing.

3. From the Actions menu, click Manage Attribute-Based Security Rules.

4. In the Attribute-Based Security Rules window, select the checkboxes next to the rules you want to delete. To select all rules, select the checkbox next to the Attribute column.

5. Click the delete attribute access rule icon

.

6. Click OK to confirm that you want to delete the rule. The rule is removed from the Attribute-Based Security Rules table.

7. Click the close icon

to close the window.

Editing Attribute-Based Security Rules

To edit an existing access rule, do the following:

1. Under Manage Types, select a valid type.

2. On the type information page, from the Actions menu, click Edit to enable editing.

3. From the Actions menu, click Manage Attribute-Based Security Rules.

4. Select the attribute you want to edit by clicking the link in the Attribute column.

5. In the Update Attribute ACL window, update the necessary fields.

6. Click Finish. The updated rule appears in the Attribute-Based Security Rules table.

7. Click the close icon

to close the window.