Assigning Labels to Roles¶
The “Security labels” section has a list of existing labels that can be included and customized for each individual role (user). Labels are created and edited in the appropriate section.
To enable a security label for a role:
Select the required role.
Click Off against the security label that needs to be activated.
As a result, the label will be enabled for the current role.
A list of security label attributes becomes available. The content of the list depends on how the security label in the relevant section has been configured and whether one or more attributes are contained.
If necessary: specify the attribute values in the label.
If no value is specified, all entity/lookup entity records will be available to the steward, regardless of what value the attribute takes.
If the value is specified, the steward will have access only to those records at which this attribute takes the specified value. For example, only customers with USA citizenship.
If the security label contains more than one attribute, only those records that match all label conditions will be available to the steward. For example, M12-threaded spark plugs and DENSO manufacturer.
If necessary, add another list of security label attributes.
The «OR» separator is displayed between the attribute lists.
If the security label contains more than one set, the records corresponding to the conditions of each set will be available to the steward. For example, 4 sets with Philips, Polaris, Panasonic, and Bosch values allow the steward to work with records of specified producers.
After completing all the settings, click Save it the top right corner of the screen.
Figure 1. Enabling security label
Data access restrictions are extended by the account and the role labels.
Single attribute restrictions extend access to records with specified attribute values. For example, if the label1 (assigned to the role) contains the material: steel; the label2 (assigned to the role) contains the material: wood and the label3 (assigned to the account) contains the material: plastic, the user will have access to records with all specified material types.
Restrictions on the various entity/lookup entity attribute complement the record access conditions. For example, records with the attribute “Material: Steel” will be found 8620, and records with the attributes “Material: Steel” and “Steel grade: 60C2A” only 206.
If the account gets rights from the security label governing different entity/lookup entity, the list of available entity/lookup entity attributes increases.