, , , , ,

PROTECT

This action protects a business object or its attribute from access by all or specified users. There are several variations of this action:

Syntax

  • [ READ ] PROTECT [ IN FORMS ] AttributeIdentifier () FROM Identifier () ( AND Identifier ())*

protects business object or attribute from access by users operating at the specified access level(s)

  • PROTECT AttributeIdentifier () FROM ALL

protects business object or attribute from all users

  • PROTECT AttributeIdentifier () FROM ALL EXCEPT Identifier () ( AND Identifier ())*

protects business object or attribute from all users except those operating at the specified access level(s)

Example

IF Transaction.State='APPLIED' THEN 
  PROTECT Transaction FROM ALL

do not allow any changes to a transaction if it is in the Applied state 

IF Transaction.State='APPLIED' THEN 
  PROTECT Transaction FROM ALL EXCEPT Administrator 
IF Account.State='CLOSED' THEN 
  PROTECT Account.Name FROM User

If an attribute of a business object is protected it is read-only on forms of this business object. If the entire object is protected all its attributes are read-only.

Notes:

  • By default protection applies not only to changes done via the user interface, but also to changes done by a process. It is possible to distinguish between these two situations by specifying System as access level, for example:
IF Account.STATE <> 'NEW' THEN 
  PROTECT Account.Balance FROM ALL EXCEPT System

In this case users will not be able to change the account balance when the state of the account is not new, however, it is possible to configure process rules that change the account balance.

  • Protecting attributes of referred objects is not allowed, for example the action 
PROTECT Transaction.Account.State FROM ALL

is invalid.

  • The action can only be used in rules attached to a business object to be protected. The action may not be used in a process.
  • IN FORMS key may be specified to indicate that the action only applies in forms, but not in queries (this can speed up performance of queries on the object that owns the rules
  • The action specified in the format described above protects against changes to a business object or its attribute (“write protection”). If “read protection” is required, the READ prefix should be added in front of the action. For example,
IF Transaction.State='APPLIED' THEN 
  READ PROTECT Transaction FROM ALL

When a business object is “read protected” the instances that match protection condition will not be read from the system. If an attribute is “read protected” its value will not be visible on any forms and cannot be changed.

  • Last modified: 2023/05/09 01:44