Advanced Security Configuration – Data Restrictions
Data Restrictions are part of the setup of the Security Groups and can be found in the Go To menu under Security > Security Groups. Data Restrictions can be setup for any of the groups from the Data Restrictions tab and can be used to:
- - Restrict visibility of entire objects – this would be used to limit users from viewing particular Purchase Order for example those of other departments
- - Restrict visibility of particular attributes – this is used stop particular users from viewing some of the details of particular records
- - Restrict visibility of collections – restrict particular users to view only particular sets of items or companies
Before setting up Data Restrictions it necessary to setup Conditional Expressions.
Setting-Up Conditional Expressions
Conditional Expressions are setup from the Conditional Expression Manager application which can be found in the Go To menu under Administration > Conditional Expression Manager. A conditional expression is made up of the following details:
Attribute
|
Description
|
Condition Code
|
A reference code for the expression
|
Description
|
A brief description of the condition
|
Type
|
A value, either CLASS or EXPRESSION that defines whether the condition is attached to Java Class or SQL Expression
|
Expression
|
SQL Where Clause containing the condition under which expression is positive or negative
|
Class
|
This is a reference to the Java class which needs to be called by this Conditional Express
|
Always Evaluate
|
The always evaluate check mark should be checked for complex expressions which include references to other fields. This way the field will be re-evaluated when changes to other fields occur. Re-evaluation has a processing overhead.
|
Reference Count
|
This is a read-only field which gives the details on how many times this condition is used within particular areas of the system.
|
Applying the Data Restriction
Data Restrictions are applied in Security Groups application on the Data Restriction application. The tab contains three sub-tabs:
- Object Restrictions
- Attribute Restrictions
- Collection Restrictions
Object Restrictions
The object restrictions tab is used to create controls against object such as work orders, purchase order or items. It includes the following fields:
Attribute
|
Description
|
Object
|
The name of the object
|
Application
|
The name of the application to which the restriction should apply, if left empty it will apply to all applications
|
Type
|
This field includes the following choices:
- READONLY – the object fulfilling the condition will be shown but will be read-only
- HIDDEN – the object will not be shown in the application
- QUALIFIED – the object will not be shown in applications or look-ups
|
Re-Evaluate
|
Same as above
|
Condition
|
The condition to be used for this restriction. All objects which fulfil the condition will be restricted.
|
Attribute Restrictions
The attribute restriction is used to hide particular attribute, such as the labor rate, or total contract value.
Attribute
|
Description
|
Object
|
The name of the object to be restricted
|
Attribute
|
The name of the attribute to be restricted
|
Application
|
The name of the application to which the restriction should apply, if left empty it will apply to all applications
|
Type
|
This field includes the following choices:
- READONLY – the attribute fulfilling the condition will be shown but will be read-only
- HIDDEN – the attribute will not be shown
- REQUIRED – the attribute fulfilling the condition will be shown and will be required
|
Re-Evaluate
|
Same as above
|
Condition
|
The condition to be used for this restriction. All objects which fulfil the condition will be restricted.
|
Collection Restriction
The collection restriction tab is used to give the group access to particular collections.
Example – Setting-Up a Conditional Expression to make Purchase Orders of a particular supplier read-only for a particular group
- Go to the Condition Expression Manager application
- Create a new Conditional Expression by clicking on the New Button and add the following details:
a.Condition Code - POREADONLY
b.Description – Vendor Read-Only
c.Type –EXPRESSION
d.Expression – :VENDOR = ‘ATI’
e.Always Evaluate – true
3.On the Security Groups application select the group to which you want to add the condition
4.On the Data Restrictions tab, select the Object Restrictions tab
5.Create a restriction by clicking the New Row button and add the following details:
a.Object –PO
b.Application – <empty>
c.Type – READONLY
d.Condition – POREADONLY
Login with a user who is part of this group and you find all the Purchase Orders related to vendor ATI as read-only.
Most of your post has been really helpful to me..I am new-bee to Maximo development i used to be on the functional side of Maximo but my new project is more on the dev side. Please can you help me out with some issues i have been having.
ReplyDeleteI have requirement in 7.5 that says.
For example a if Activity type field value =CM ; the scheduled start field cannot be set within a 14 day window. So if the WO is created on November 1st, and is a Activity type field value =CM it cannot be scheduled prior to November 15th. (see screen shot below)
The exception to this is that if the priority field = 1 (emergency) AND the Priority justification has a value in it.
so further explanation is if today is the 1st and the user choose CM in the activity type then the user try to put a date less than the 14th of this month,the system should not allow the user and a message should come up saying "you need to put a date greater than the 14 days from now'
Emergency priority can disable the schedule, but also requires a 'Priority Justification'
Please can you help with a step by step process of achieving this requirement successfully> your help will be greatly appreciated
You can reply back to olakarim1@gmail.com
Hi there,
ReplyDeleteThis requirement can be fulfilled by customization or by using script. I will try to do this with the script and will give you the solution document.
This comment has been removed by the author.
ReplyDelete