Define Additional Access Attribute Criteria

Explanation

This activity is used to define the table located below the Access Attributes window header. This table controls what changes can be made to the data stored inside the logical unit.

There are two types of records present in the table:

• The first type is responsible for filtering who has access to data. When an access attribute is created, several such records appear automatically. They indicate what is checked when someone tries to access the data. In most cases it will be the Company ID and Employee ID, but additional criteria can appear.
• The second type of records defines what actions can be performed on the data. These are the records that you will most likely want to add or edit. You can allow authorizations, approvals, value changes and more. Keep in mind that you do not create records for specific fields in the application, but for all data handled by a logical unit.

Prerequisites

In order to perform this activity, an access attribute has to be created.

System Effects

As a result of this activity, additional access criteria will be added to an access attribute.

Window

Access Attribute

Related Window Descriptions

Access Attribute
All Data

Procedure

1. Open the Access Attributes window.
2. To find the access attribute, select the protected logical unit from the graphical object structure. Then, in the window header, select the attribute in the Attribute ID field. Use the list of values.
3. Add a new row in the table below the header.
4. In the Column Name field, use the list of values to select the column that holds data that you want to control. For example, the ExpenseHeader logical unit has the EXPENSE_STATUS column in it. This column stores data about authorizations of expense status.
5. The Key Column field is used by records that specify who can access data. Leave it empty.
6. The Old Value field specifies what values can be changed by an owner of the access attribute. The attribute owner can change data only if they match contents of the Old Value field. For example, if the EXPENSE_STATUS column has Old Value set to Approved, the supervisor will be able to modify the expense only when it is approved.
   
   Note:
   In some columns, you can right-click the record and click Set Old Values... to select available old values. In that case, the only logical operator you can use in the field is ; that separates values.
   If the Old Value field is left empty, the attribute owner can modify all data stored in the column.
   The field can store several old values, separated by the ; sign.
   The field can store numerical and text values, depending on the column selected.
   You can use logical operators such as % (any value), > (greater than), < (less than), >= (equal or greater), <= (equal or less), <> (not equal), !% (no value), .. (between), ; (or).
    
7. The New Value field specifies what new values can be set by the owner of the access attribute. The attribute owner can change data only to what is listed in the Old Value field. For example, if the EXPENSE_STATUS column has New Value set to Authorize, the supervisor will be able only to authorize the expense.
   
   Note:
   In some columns, you can right-click the record and click Set New Values... to select available new values. In that case, the only logical operator you can use in the field is ; that separates values.
   If left empty, the owner will be able to modify the data to any state.
   The field can store several new values, separated by the ; sign.
   The field can store numerical and text values, depending on the column selected.
   You can use logical operators such as % (any value), > (greater than), < (less than), >= (equal or greater), <= (equal or less), <> (not equal), !% (no value), .. (between), ; (or).
    
8. In the Attribute Value field, you can select one of the following:
   • Set Value to create an access lock. The application will remember with what access attribute level (defined later in the Define Access Role activity) data has been changed. Anyone with a lower access attribute level will be unable to override the data.
     For Example, when a supervisor approves the expense, if this change is made with Set Value selected, no one with a lower attribute level will be able to revert this change.
   • Clear Value to remove the access lock. Once the attribute owner changes data, the application will remove any existing access locks. Anyone with access to data will be able to change it, regardless of their access attribute level.
     For Example, if a supervisor wants to move the expense status back to the Confirmed state, and wants someone else to do the approval, he should have a different record defined:
     To revert approval back to confirmation, the EXPENSE_STATUS column should have Old Value set to Approved, New Value set to Confirmed, and Attribute Value set to Clear Value. In this case, Clear Value will allow supervisors with lower attribute level to do the approval (if they have the the relevant attribute assigned).
   • If left empty, the access lock will be ignored. A supervisor will modify the data if he can, leaving the previous access lock active.
9. Save the information.