- Data Management
- Security and Compliance Studio
- Activities
You can override the permissions of a security role based on a security scenario. You typically do this to delimit access to specific data.
In a security scenario, you can indicate all securable objects and related access levels that are required for a user to perform one or more tasks. You can use this setup to override the permissions on one or more security roles.
If you override permissions of a security role:
- For the first time, for each entry point type in the security scenario steps, a new duty and privilege are created. The name of the new duty and privilege is [Role name] ([entry point type]). Example: The role is Accountant and permissions are overridden for entry points type Display and Output. As a result, the new duty and privilege names 'Accountant (display)' and 'Accountant (output)'.
The new privilege is added to the new duty with the same entry point type. All entry points and permissions, as defined for the security scenario, are added to the privilege for the entry point type. - And a duty and privilege are already available for an entry point type, the entry points and permissions are added to the existing privilege. If an entry point already exists for the privilege, its permission is overwritten.
If on the security scenario the access level of a securable object is:
- No access, all permissions are denied.
- View, only the Read permission is granted.
- Edit, the Read and Update permissions are granted.
- Create, the Read, Update, and Create permissions are granted.
- Full control, all permissions are granted.
Standard procedure
1. |
Click Security management. |
2. |
Click the Scenarios tab. |
3. |
In the list, find and select the desired record. |
4. |
Click Edit. |
5. |
Click Override permissions on roles. |
6. |
On the dialog, in the list, find and select the roles which permissions you want to override. |
7. |
Sub-task: Override with custom permissions. |
7.1 |
You can also override the security role permissions with custom permissions. So, the permissions as set on in the scenario steps are not considered. Each securable object, as defined in the scenario steps, gets the permissions as defined on this dialog. |
  |
Select Yes in the Set custom permissions field. |
7.2 |
In the Read field, select an option. |
7.3 |
In the Update field, select an option. |
7.4 |
In the Create field, select an option. |
7.5 |
In the Delete field, select an option. |
8. |
Click OK. |
9. |
Click Yes. |
10. |
Close the page. |
Notes
- You can also override permissions on security roles when you match roles. You can override permissions for a selected role on the Match roles page (Override permissions on selected role) or choose any role (Override permissions on roles).
- Each override of permissions on security roles is logged in the data security history. You can view this history in these places on the Security management workspace or the Security audit workspace, on the Data security tab, on the History tab.