Instance ManagementSecuritySecurity ManagementData Permissions

Configuring Data Permissions

Overview

The Data Permissions screen allows you to add data permission rules that grant user groups access to defined data sets. The screen also allows to edit, clone, and delete selected data permission rules.

Definition of Data Permission Rule

A data permission rule defines which groups can access data associated with the particular type. Each data permission rule grants access to different data sets.

Data Permissions Screen

The Data Permissions screen comprises the following elements:

  • The Add button - click it to add a new data permission rule
  • The Refresh button - click it to update information about the existing data permission rules
  • The grid - use it to see a list of all added data permission rules. The grid has the following columns:
    • Name - a unique name of a data permission rule. It can have a maximum of 256 characters.
    • Description - additional information about the data permission rule. It can have a maximum of 256 characters.
    • Type - a type to which the data permission rule will apply. Currently, the only type available is Subledger Node.
    • Scope - a range of data within the type, for example, Subledger Node to which the data permission rule will grant access. You can grant access to all data within the type by selecting the All option from the Scope list. Values from this list are taken from the Subledger Node field defined in the Journal Line Definition.
    • Groups - names of groups assigned to the particular data permission rule
    • Details - contains the chevron, which you can click to view details of a selected data permission rule. To go back to the Data Permissions screen, click the breadcrumb.

Data Permissions Details Screen

This screen is displayed if you click the chevron in the Details column. The screen comprises the following elements:

  • The action buttons:
    • The Edit button - click it to edit a selected data permission rule
    • The Clone button - click it to clone the selected data permission rule
    • The Delete button - click it to delete the selected data permission rule

      Deleting a data permission rule causes all user groups assigned to this rule to lose access to the data range defined in it. It is worth noting that if these user groups were not assigned to other data permission rules, they would not have access to any data in the system.

  • Data permission configuration details in dedicated panels:
    • Details - contains information about the name of the data permission rule and its description
    • History - contains information about who and when created and updated this data permission rule
    • Subject - contains information about a type and its scope assigned to this data permission rule
    • Groups - contains information about groups assigned to this data permission rule

Tutorials

Data permissions control the visibility of data. By assigning data permission rules to groups, you made them access only a subset of the data. Hence, data permission rules should be defined with caution. Since they also depend on the Fynapse configuration, we recommend consulting their settings with business experts who understand their influence on, for example, Subledger mapping or Journal’s structure.

  1. Go to Security > Data Permissions.
  2. Click the Add button.
  3. Provide basic information about a rule:
    1. Into the Name field, type a unique name for the data permission rule.
    2. Into the Description field, type an optional description.
  4. In the Subject panel:
    1. From the Type list, select the type. Currently, the only type available is Subledger Node.

      Keep in mind that you will not be able to change a type once you save it.

    2. From the Scope list, select which data ranges you want to add to this rule.
  5. In the Groups panel, select checkboxes next to the groups you want to assign and add access to previously selected data.

    Groups can also be assigned via the Groups screen during their creation or edition.

  6. Click the Save button to save the data permission rule or the Cancel button to discard your changes. The new data permission rule will appear in the Data Permissions grid.

Data permission rules affect data access only when the data permissions feature is enabled. Read the How to Enable the Data Permissions Feature tutorial to learn more.

  1. Go to Security > Data Permissions.
  2. In the grid, find a data permission rule you want to edit, and in the Details column, click the chevron.
  3. Click the Edit button.
  4. Introduce necessary changes.
  5. Click the Save button to save the data permission rule or the Cancel button to discard your changes.
  1. Go to Security > Data Permissions.
  2. In the grid, find a data permission rule you want to clone, and in the Details column, click the chevron.
  3. Click the Clone button.
  4. Introduce necessary changes.
  5. Click the Save button to save the data permission rule or the Cancel button to discard your changes.

Deleting a data permission rule causes all user groups assigned to this rule to lose access to the data range defined in it. It is worth noting that if these user groups were not assigned to other data permission rules, they would not have access to any data in the system.

We recommend manually deleting all data permission rules assigned to the Subledger Nodes before uploading a new system configuration (via the Configuration Data screen) that will introduce changes to these Subledger Nodes. If you do not delete them prior to uploading the configuration, the system will retain the rules, but you will still be able to delete them later.

  1. Go to Security > Data Permissions.
  2. In the grid, find a data permission rule you want to delete, and in the Details column, click the chevron.
  3. Click the Delete button.
  4. Confirm your action. The data permission rule will be deleted, and the user groups assigned to it will lose access to the data range defined within this rule.

Learn More