Business Objects Access Rights
Access rights are a way to restrict access to a particular Business Object. Access rights work in combination with role permissions to allow for a fine-grained two-dimensional permission system.
Access rights are always set per Business Model. Configuring access to objects of one model has no effect on access to objects of a different model.
Default Access
You can set default access for Business Objects of a given Model by going to Business Models > Model Designer > Default User Access. If you set default access, you don't need to set access on each individual Business Object. However, if you do set access on a Business Object, it overwrites (replaces) the default access settings.
Disabling Access Control
You can disable access control for a given Business Model altogether. Go to Account > Configuration > Business Objects > Access Control Disabled and select the respective Business Model.
If access control is disabled for a Business Model, all users can access all Business Objects in that collection and edit them according to their role permissions.
Role Permissions & Access Rights
The relationship between role permissions and access rights can be thought of as two axis in a two-dimensional permission system.
An access right defines IF a user can access an object. If so, the role permissions define WHAT a user can do with this object (create, read, delete).
Example 1: Admins
Admins always have access to all objects with all permissions.
| Create | Read | Delete | |
|---|---|---|---|
| Object 1 | ✅ | ✅ | ✅ |
| Object 2 | ✅ | ✅ | ✅ |
| Object 3 | ✅ | ✅ | ✅ |
Example 2
Permission: Read objects. Access rights: Object 1, Object 3.
| Create | Read | Delete | |
|---|---|---|---|
| Object 1 | ⛔ | ✅ | ⛔ |
| Object 2 | ⛔ | ⛔ | ⛔ |
| Object 3 | ⛔ | ✅ | ⛔ |
Example 3
Permissions: Read objects, delete objects. Access right: Object 2.
| Create | Read | Delete | |
|---|---|---|---|
| Object 1 | ⛔ | ⛔ | ⛔ |
| Object 2 | ⛔ | ✅ | ✅ |
| Object 3 | ⛔ | ⛔ | ⛔ |
Example 4
Permission: Read objects. Access control disabled.
| Create | Read | Delete | |
|---|---|---|---|
| Object 1 | ⛔ | ✅ | ⛔ |
| Object 2 | ⛔ | ✅ | ⛔ |
| Object 3 | ⛔ | ✅ | ⛔ |
Example 5
Permission: Read objects. Access control enabled but no access to any objects (neither on object level, nor via default access).
| Create | Read | Delete | |
|---|---|---|---|
| Object 1 | ⛔ | ⛔ | ⛔ |
| Object 2 | ⛔ | ⛔ | ⛔ |
| Object 3 | ⛔ | ⛔ | ⛔ |
See Business Objects