1C:DN > Knowledge Base > Developer resources > Development recommendations > Record- and field-level access restrictions > Data access restrictions based on tabular sections

Data access restrictions based on tabular sections

This section contains examples of data access restrictions based on the values of tabular sections fields. We recommend that you also read the following:

For metadata objects that can contain tabular sections, data access restrictions only apply to database objects as a whole. But the texts of access restrictions can use columns of tabular sections. The most popular tasks related to applying data access restrictions based on tabular section fields are as follows:

  1. Allow access to an object if a condition is true for at least one record of a tabular section.
  2. Allow access to an object if a condition is true for all the records of a tabular section.
  3. Allow access to an object if a condition is true for all the records of a tabular section or if a tabular section is empty.

The access restrictions script allows you to implement any of the listed access restrictions. Suppose that the UserRights register contains the mapping between users and the objects they have rights to access. The TabularSection1 tabular section of the Catalog1 catalog contains the Object field, which references objects that define data separation between users. The CurrentUser session parameter contains a reference to the Users catalog item, which corresponds to the current Infobase user. Below you will find sample restrictions that deal with each of the above tasks.

The access condition is true for at least one record of a tabular section

Catalog1
WHERE Catalog1.TabularSection1.Object IN
(
    SELECT
        RightsRegister.Object
    FROM
        InformationRegister.UserRights AS RightsRegister
    WHERE
        RightsRegister.User = &CurrentUser
)

This restriction allows the current user to access only those items of the Catalog1 catalog whose tabular sections contain at least one record with its Object attribute referencing an object allowed for the user.

The access condition is true for all the records of a tabular section

Catal1 WHERE (NOT Catal1.Ref IN
    (SELECT TOP 1
        Cat1.Ref
    FROM
        Catalog.Catalog1 AS Cat1
        LEFT JOIN
        Catalog.Catalog1.TabularSection1 AS TS1
        ON Cat1.Ref = TS1.Ref
        LEFT JOIN
        InformationRegister.UserRights AS RightsRegister
        ON
        TS1.Object = RightsRegister.Object AND RightsRegister.User = &CurrentUser
    WHERE
        Cat1.Ref = Catal1.Ref
        AND RightsRegister.Object IS NULL ))

This restriction allows accessing only those items of the Catalog1 catalog where all tabular section records reference allowed objects.

The access condition is true for all the records of a tabular section or a tabular section is empty

Catal1 WHERE (NOT Catal1.Ref IN
    (SELECT TOP 1
        TS1.Ref
    FROM
        Catalog.Catalog1.TabularSection1 AS TS1
        LEFT JOIN
        InformationRegister.UserRights AS RightsRegister
        ON
        TS1.Object = RightsRegister.Object AND RightsRegister.User = &CurrentUser
    WHERE
        TS1.Ref = Catal1.Ref
        AND RightsRegister.Object IS NULL ))

This restriction allows accessing only those items of the Catalog1 catalog whose tabular sections are empty or only have references to allowed objects.

Next page: Data access restrictions. Operating concepts overview

Be the first to know tips & tricks on business application development!

A confirmation e-mail has been sent to the e-mail address you provided .

Click the link in the e-mail to confirm and activate the subscription.

© 1C LLC. All rights reserved

1C Company respects the privacy of our customers and visitors to our website.

Disclaimers and Limitation of Liability | Terms and Conditions | Privacy policy | Site Map