In Designer mode

 


Let us modify the technician rights.

  1. Grant the Technician role the View right for the EmployeeAccruals document, and also the View right for the Payroll subsystem.

    The right to view the Payroll subsystem is required because the document belongs to the subsystem.
  2. Grant the View right for the WorkScheduleTypes catalog and for the MainAccruals chart of calculation types.

    These rights are required because the EmployeeAccruals document references these objects.
  3. In the list of configuration objects, click the EmployeeAccruals document, and then click its Read right.

    This right was granted automatically when you granted the View right,
  4. In the Data access restrictions list, click the Add  button (fig. 22.11).


    Fig. 22.11. Adding an access restriction for the Technician role

    The idea is to deny access to all the fields of the EmployeeAccruals document. So you do not have to select fields here.
  5. Click the selection button  in the Access Restriction column (fig. 22.12).


    Fig. 22.12. Opening access restriction editor

    This opens the Restrict access dialog box where you can describe the restrictions in a language that is a subset of the query language.

    To simplify the process, let us use the query wizard.
  6. Click Query Builder.

    Actually this opens the data access restriction wizard, which is very similar to the query wizard (see fig. 22.13).

    Note that the EmployeeAccruals table is automatically seleted on the Tables and fields tab and the wizard is opened on the Conditions tab.
  7. Drag the CalculationType field of the Accruals tabular section to the list of conditions, select the Arbitrary check box, and populate the right-hand part of the condition as shown in listing 22.1 (fig. 22.13).

    Listing 22.1. Data access restriction

    EmployeeAccruals.Accruals.CalculationType <> 
        VALUE(ChartOfCalculationTypes.MainAccruals.Bonus)

    Fig. 22.13. Data access restriction wizard
  8. Click OK (fig. 22.14).


    Fig. 22.14. Data access restriction script

    The current user can only read or edit some database object if a data access restriction grants them the right to perform this action (if the restriction condition is true).

    In this example a user can read the Employee Accruals document

    EmployeeAccruals WHERE ...
    only if its Accruals tabular section

    ... WHERE EmployeeAccruals.Accruals ...
    contains calculation types

    ... WHERE EmployeeAccruals.Accruals.CalculationType ...
    that are not Bonus calculation type

    ... <> VALUE(ChartOfCalculationTypes.MainAccruals.Bonus)
  9. Click OK.

    The data access restrictions pane for the Technician role should look as shown in fig. 22.15.


    Fig. 22.15. Access restriction for the Technician role

Comments
0
Add comment