Adding/Editing Access Levels

The following section describes how to work with the editor of access levels when adding a new access level or editing an existing one. When the user logs into the application in the Operation Mode she is assigned a particular access level that determines which elements of the business space version (such as business objects, their attributes, processes etc) she will be able to access. Access levels are described in more detail in the Access Level section.

Working with Access Level Editor section describes how access levels can be specified in the Configuration Tool.

The editor of access levels can be started as described in the Working with Configuration Elements section. Before you start specifying access restrictions you must provide the name of the access level. The following restrictions apply:

• The name must be unique among the names of other access levels
• The name must start with a character or underscore symbol. All other symbols may be characters (including underscore symbol) or digits. Spaces within a name are not allowed.

You can also optionally provide a description of an access level. Providing a description is not mandatory but is highly recommended. Any description if defined is included into the generated documentation for the business space version – see Generating Documentation. To provide the description press the Description button next to the name and type in the description in the dialog that appears.

The editor of access levels contains a tree with those elements of the business space version that you can set access to – Business Objects and their attributes, Processes, Queries, Document Templates and Services. The “Access” column in the tree specifies access level restrictions of the corresponding element in this Access Level. You can edit column directly – click on the cell and select the appropriate values from the drop down of available values. Most elements support the following values:

This value indicates that there are no restrictions to the element represented by the selected row (this is the default access assigned to any newly created element, except for the Guest access level where the default value is “Not available”).

This value indicates that an element represented by the selected row is not visible or accessible to the users of this access level. With this access level Aware IM will automatically remove the element from any user interface that deals with the ement – menus, operations and forms. For example, if you specify that a business object is not available, any operations that create or edit such an object will be removed from the corresponding menus and toolbars; if you specify that an attribute is not available it will be automatically removed from all forms that show this attribute.

In addition to the above values business objects and attribute support the following values:

If you set this value to a business object it indicates that all attributes of the business object are read-only – their values can be seen by the user but not changed. Also the user will not be able to create instances of the business object. If you set this value to an attribute, this particular attribute will not be editable on all forms where it is present.

This value indicates that instances of the business object represented by the selected row will only be visible to those users who created the instances in the first place. All users of this access level will be able to create instances of the business object but they will not be even aware that there are instances of the same business object created by other users – when they search for the business object the system will only return the instances created by them, so they will only be able to edit their own instances.

This value should only be used for business objects that are members of the SystemUsers group. It indicates that the users are allowed only modify a attribute values of the instance of the object that represents themselves (in Change Login Details operation) but they cannot create instances representing others.

This value indicates that there are no access restrictions as far as the business object represented by the selected row is concerned but there are access restrictions to the attributes of the business object. You cannot choose this value – the Configuration Tool sets it automatically after access restrictions have been set for the attributes of the business object.

This value indicates that the attribute is fully accessible to the user that created the instance of the business object in the first place; for other users the attribute is not available (not visible) at all.

This value indicates that the attribute is fully accessible to the user that created the instance of the business object and read-only for all other users

Clicking on the “Make All Accessible” button applies the “Full Access” level to the selected row and all its sub-elements (if any). This can be used to make all attributes of a business object accessible.