Security labels

Section Security labels. System administrator interface

Concept of labels

Security labels allow user to be restricted when working with objects. The security label is used to delineate access rights to data within the same entity/lookup entity and is the set of entity attributes that are being checked. A list of permitted attribute values is specified for the user role to whose label is assigned. The user can only work with entity records whose attribute value matches the valid ones. Logic of data access limitations:

  • If several attributes are involved in the label, the user sees records in which the value of the specified attributes coincides with the resolved values configured for the user (i.e. the boolean «AND» function within the label).
  • If several copies of the same label are configured for the user, then the user can see the records that fully satisfy one of the copies of the labels (i.e. the boolean «OR» function between the labels).
  • If several different labels are configured for the user, then the user sees records satisfying all labels (i.e. boolean «AND» between labels). Rules 1 and 2 apply within the labels.

Restrictions on access are to be understood as:

  • searchable queries return only data that satisfies the labels;
  • when editing or creating a record, users cannot save the record unless it satisfies the labels used.

Procedure for assigning securiry labels

To configure and then assign security labels, the following actions must be performed:

Create security label

To create security label:

  • Click the “Add new” button at the bottom of the labels list.
  • As a result of the action, a list of label parameters will be displayed in the working area.
  • Specify the name and the displayed name of the label. If necessary, add a description of the label.
  • Select an entity/lookup entity on which the label will work.
  • Specify one or more attributes. In the “Roles” and “Users” sections, you could add allowed values for the specified attributes.
  • Save label. Click the “Save” button located in the upper right corner of the screen.

To delete security label:

  • Select the required label from the list.
  • Click the “Delete” button located in the upper right corner of the screen.
  • Confirm the action.
If you need to set different number of allowed values for various attributes of the same entity/lookup entity, it is recommended to create several security labels for one entity/lookup entity.

Section overview

Figure 1. Section overview

Section legend

Figure 2. Section legend