Axelor Doc

Access rights to data

Access-rights management in the Axelor platform is very flexible. Each user can belong to a group, and the group determines the data access permissions.

  • Visibility of menu entries: Menu permissions
  • Access to tables in the database: Object rights
  • Access to records in a table: Record rights

Object Rights

Object access controls let you define what users are allowed to do with the data they can access.

Object
A business object represents an entity in the system. Objects are linked to database tables, and also to other concepts, such as the fields and methods that define the behavior of the class.

By default, if no permission is declared for a group and the group is not restrictive, all users in the group can access objects without any restriction. Conversely, if no permission is declared for a group and the group is restrictive, the users in the group have no access.

Administration objects
Always make sure that you do not block access to the Administration configuration objects for all groups. If you do, data access becomes impossible and can no longer be changed for any user. The objects used to configure access rights are:

  • com.axelor.auth.db.Group
  • com.axelor.auth.db.Permission
  • com.axelor.auth.db.User

You can manage access to objects at four levels:

  • Read: read the data of an object
  • Write: modify the content of a record of an object
  • Create: create a new record of an object
  • Remove: delete a record of an object

[Image: rights]

In this example, we defined a restriction for users of the "User" group. The restriction is as follows:

  • For users belonging to the "User" group, the "Contact" object is read-only. Deleting, modifying or creating a record is prohibited.

If the "Contact" object were completely restricted for this group (no read permission), no record would be loaded from the database. Moreover, if a view contains a reference to the object (an M2O field), the user cannot open that field.

Record rights

Record rules, set per access level, determine who can access the records and under what conditions. For each access level, you can define conditions:

  • Condition: the condition that a record (here of com.axelor.sale.db.Order) must satisfy
  • Params: the parameters of the condition

[Image: rights]

In this example:

  • The user can read all records.
  • The user cannot change the records he created.
  • The user can create a record.
  • The user can delete only the records he created.

By default, if no condition is given, the CRUD permissions apply to all records.

Information
User rights management is very flexible. However, to avoid making the application unusable, the access rules must be worked out consistently before they are defined.
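
The rules above can be modelled in a few lines to check a planned configuration before it is applied. The following Python model is an added example, not Axelor code: `Permission`, `Group`, `allowed` and `audit` are hypothetical names, the short object name "Contact" and the groups are constructed sample data, and it assumes the default rule is applied per object.

```python
from dataclasses import dataclass, field

ADMIN_OBJECTS = ("com.axelor.auth.db.Group", "com.axelor.auth.db.Permission",
                 "com.axelor.auth.db.User")   # objects named on this page

@dataclass
class Permission:                 # hypothetical model, not Axelor's entity
    obj: str
    levels: set                   # subset of {"read", "write", "create", "remove"}
    conditions: dict = field(default_factory=dict)   # level -> predicate(record, user)

@dataclass
class Group:
    name: str
    restricted: bool = False
    permissions: list = field(default_factory=list)

def allowed(group, obj, level, record=None, user=None):
    """Effective access of a group member to obj (and optionally one record)."""
    perms = [p for p in group.permissions if p.obj == obj]
    if not perms:
        # Assumption: the default applies per object. Nothing declared means
        # open for a normal group and closed for a restrictive one.
        return not group.restricted
    for p in perms:
        if level not in p.levels:
            continue
        cond = p.conditions.get(level)
        # No condition (or no record given): the level applies to all records.
        if cond is None or record is None or cond(record, user):
            return True
    return False

def audit(groups):
    """Flag the two configurations the page warns about."""
    findings = []
    for obj in ADMIN_OBJECTS:
        if not any(allowed(g, obj, "read") and allowed(g, obj, "write") for g in groups):
            findings.append(f"lock-out: no group can read and write {obj}")
    for g in groups:
        if not g.restricted and not g.permissions:
            findings.append(f"open: {g.name} can access every object unrestricted")
    return findings

# Constructed sample data: read-only Contact, delete-own-records rule on Order.
own = lambda record, user: record["created_by"] == user
users = Group("User", permissions=[
    Permission("Contact", {"read"}),
    Permission("com.axelor.sale.db.Order", {"read", "create", "remove"}, {"remove": own}),
])
locked = Group("Locked", restricted=True)
```

Running `audit` over every planned group before applying the configuration surfaces a lock-out of the administration objects and any group left fully open by default.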