1. Access rights on class records

    Article: AN0001563

    Access rights can be controlled at the level of individual records. If you need to differentiate access rights in this way, use an organization structure, which provides a systematic approach to controlling access rights at the record level.

    The ObjectGears system offers three types of organization structure:

    1. User - manager - This organization structure can be defined on a class containing two simple references to the user.

    2. Team organization structure - This organization structure can be defined on a class with a column referencing the user (team members) and a column self-referencing this class (superior team).

    3. Unit organization structure - This organization structure is defined on two classes. The first class contains units and a column self-referencing this class (superior unit). The second class contains users: it has a column referencing the user and a column referencing the first class (unit).

    In the class whose records are to be controlled by an organization structure, create a column of the type reference to a class (simple or multiple) that refers to the record or records of the class on which the organization structure is defined. When assigning access rights in the class, you can then select the organization structure that governs the given access right (Reading data list, Reading data detail, Inserting data...) and determine whether the user shall see/manage only records belonging to the organization units he/she is a member of, or also records belonging to subordinate units.

    Within a single class, it is possible to combine access rights without an organization structure (the user then has access to all records for the given right) with access rights that use any number of organization structures. A role can therefore have unlimited access to all records under one access right, access via one organization structure under another access right, and access via a different organization structure, possibly of a different type, under yet another. The ObjectGears system provides great flexibility for achieving the behaviour that you need.


    An example of using organization structures to control access at the record level is a repository of IT assets in a corporate environment. The IT architect role shall have access to the classes with applications, servers, interfaces and other entities. At the same time, it is necessary to distinguish between an IT architect in a single company (legal entity) and an IT architect working at the country level, the region level or for the whole corporation. IT architects at the level of a single legal entity do not need to see, and should not see, records from other companies. By contrast, an IT architect at the country level needs a view of records from all the companies in the given country. An IT architect at the region level shall see records of all the companies in all countries of the given region, but not records from other regions. This behaviour is enabled by an organization structure and by assigning users to its units.
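
The IT architect scenario above, modelled as an added example (this is not ObjectGears code or its API): a unit organization structure with a self-referencing superior unit, evaluated with and without the "also subordinate units" option. Unit names, users and records are constructed, and hiding a record that has no unit reference is an assumption of this example.

```python
# Constructed model of record-level access through a unit organization structure.
# Unit -> superior unit (the self-referencing column of the units class).
SUPERIOR = {
    "Corporation": None,
    "Region A": "Corporation",
    "Region B": "Corporation",
    "Country A1": "Region A",
    "Company A1-x": "Country A1",
    "Company A1-y": "Country A1",
    "Company A2-x": "Region A",   # constructed: company placed directly under the region
    "Company B1-x": "Region B",
}
# User -> units the user is a member of (the users class).
MEMBERSHIP = {
    "architect_company": {"Company A1-x"},
    "architect_country": {"Country A1"},
    "architect_region": {"Region A"},
}
# Record -> referenced unit(s) (the reference column in the controlled class).
RECORDS = {
    "app-billing": {"Company A1-x"},
    "srv-web-02": {"Company A1-y"},
    "app-crm": {"Company A2-x"},
    "srv-db-07": {"Company B1-x"},
    "app-unassigned": set(),      # assumption: no unit reference means not visible
}

def is_at_or_below(unit, ancestor):
    """True if unit equals ancestor or lies beneath it; stops on cyclic data."""
    seen = set()
    while unit is not None and unit not in seen:
        if unit == ancestor:
            return True
        seen.add(unit)
        unit = SUPERIOR.get(unit)
    return False

def visible_records(user, include_subordinate):
    """Records the user may read; unknown users get nothing (deny by default)."""
    own = MEMBERSHIP.get(user, set())
    def allowed(units):
        if include_subordinate:
            return any(is_at_or_below(u, o) for u in units for o in own)
        return bool(units & own)
    return sorted(name for name, units in RECORDS.items() if allowed(units))
```

A country-level member sees nothing with the option off here, because every record references a company unit rather than the country unit itself.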