Define Additional Access Attribute Criteria
Explanation
This activity is used to define the table located below the Access
Attributes window header. This table controls what changes can be made
to the data stored inside the logical unit.
There are two types of records present in the table:
- The first type is
responsible for filtering who has access to data. When an access
attribute is created, several such records appear automatically. They
indicate what is checked when someone tries to access the data. In most cases it will be the
Company ID and Employee ID, but additional criteria can appear.
- The second type of records defines what actions can be performed on the
data. These are the records that you will most likely want to add or edit.
You can allow authorizations, approvals, value changes and more. Keep in mind
that you do not create records for specific fields in the application, but for all data handled by
a logical unit.
Prerequisites
In order to perform this activity, an access attribute has to be created.
System Effects
As a result of this activity, additional access criteria will be added to an
access attribute.
Window
Access
Attribute
Related Window Descriptions
Access Attribute
All Data
Procedure
- Open the Access Attributes window.
- To find the access attribute, select the protected logical unit from the graphical object structure. Then, in the window header, select the
attribute in the Attribute ID field. Use the list of values.
- Add a new row in the table below the header.
- In the Column Name field, use the list of values to select the column that holds
data that you want to control. For example, the ExpenseHeader logical
unit has the EXPENSE_STATUS column in it. This column stores
data about authorizations of expense status.
- The Key Column field is used by records that specify who can
access data. Leave it empty.
- The Old Value field specifies what values can be changed by an
owner of the access attribute. The attribute owner can change data only
if they match contents of the Old Value field. For example, if the
EXPENSE_STATUS column has Old Value set to Approved, the
supervisor will be able to modify the expense only when it is approved.
Note:
In some columns, you can right-click the record and click Set Old
Values... to select available old values. In that case, the only
logical operator you can use in the field is ; that separates values.
If the Old Value field is left empty, the attribute owner can modify
all data stored in
the column.
The field can store several old values, separated by the ; sign.
The field can store numerical and text values, depending on the column
selected.
You can use logical operators such as % (any value), >
(greater than), < (less than), >= (equal or greater),
<= (equal or less), <> (not equal), !% (no value),
.. (between), ; (or).
- The New Value field specifies what new values can be set by the owner of the access attribute.
The attribute owner can change data only to what is listed in the Old
Value field. For example, if the EXPENSE_STATUS column has New
Value set to Authorize, the supervisor will be able only to
authorize the expense.
Note:
In some columns, you can right-click the record and click Set New
Values... to select available new values. In that case, the only
logical operator you can use in the field is ; that separates values.
If left empty, the owner will be able to modify the data to any state.
The field can store several new values, separated by the ; sign.
The field can store numerical and text values, depending on the column
selected.
You can use logical operators such as % (any value), >
(greater than), < (less than), >= (equal or greater),
<= (equal or less), <> (not equal), !% (no value),
.. (between), ; (or).
- In the Attribute Value field, you can select one of the
following:
- Set Value to create an access lock. The application will remember
with what access attribute level (defined later in the Define Access Role
activity) data has been changed. Anyone with a lower access attribute level will be
unable to override the data.
For Example, when a supervisor approves the expense, if this change is
made with Set Value selected, no one with a lower attribute level
will be able to revert this change.
- Clear Value to remove the access lock. Once the attribute owner
changes data, the application will remove any existing access locks. Anyone
with access to data will be able to change it, regardless of their access
attribute level.
For Example, if a supervisor wants to move the expense
status back to the Confirmed state, and wants someone else to do the
approval, he should have a different record defined:
To revert
approval back to confirmation, the EXPENSE_STATUS column
should have Old Value set to Approved, New Value set
to Confirmed, and Attribute Value set to Clear Value. In
this case, Clear Value will allow supervisors with lower attribute
level to do the approval (if they have the the relevant attribute
assigned).
- If left empty, the access lock will be ignored. A supervisor will modify the
data if he can, leaving the previous access lock active.
- Save the information.