General Info
Security labels let you restrict which objects a user can work with. A label is a set of attributes that are checked, and it is used to delimit access rights to data within a single entity/lookup entity. A list of permitted attribute values is specified for the user role to which the label is assigned. The user can only work with entity/lookup entity records whose attribute values match the allowed ones.
The logic of data access restrictions:
1. If several attributes are involved in the label, the user sees the records where the values of the specified attributes match the allowed values configured for the user (i.e. a logical “AND” works within the label).
2. If several instances of the same label are configured for the user, the user sees the records that completely satisfy one of the label instances (i.e. a logical “OR” works between the instances of a label).
3. If several different labels are configured for the user, the user sees the records that satisfy all labels (i.e. a logical “AND” works between labels). In this case, rules 1 and 2 apply inside the labels.
Access restriction should be understood to mean:
Search queries return only data that satisfy the labels;
When editing or creating a record, users cannot save the record if it does not satisfy the labels applied.
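The three rules and the two enforcement points above can be modelled as follows. This is an added example, not the product's own code: the label names, attributes, sample records and function names are constructed for illustration, and treating a role with no labels as unrestricted is an assumption.

```python
from collections import defaultdict

# Constructed sample: label instances assigned to one role.
# Each entry is (label name, {attribute: allowed values}).
ROLE_LABELS = [
    ("region", {"country": {"DE", "FR"}}),
    ("region", {"country": {"US"}, "state": {"CA"}}),  # second instance of the same label
    ("sensitivity", {"classification": {"public", "internal"}}),
]

# Constructed sample records of one entity.
RECORDS = [
    {"id": 1, "country": "DE", "classification": "public"},
    {"id": 2, "country": "US", "state": "CA", "classification": "internal"},
    {"id": 3, "country": "US", "state": "NY", "classification": "public"},
    {"id": 4, "country": "FR", "classification": "secret"},
    {"id": 5, "classification": "public"},  # label attribute missing
]

def instance_matches(record, allowed):
    # Rule 1: every attribute of the instance must hold an allowed value (AND).
    # A missing attribute yields None, which is never allowed, so it fails closed.
    return all(record.get(attr) in values for attr, values in allowed.items())

def record_permitted(record, role_labels):
    # Rule 2: OR across instances of one label; rule 3: AND across different labels.
    by_label = defaultdict(list)
    for name, allowed in role_labels:
        by_label[name].append(allowed)
    # Assumption: with no labels at all, all([]) is True and nothing is restricted.
    return all(
        any(instance_matches(record, inst) for inst in instances)
        for instances in by_label.values()
    )

def search(records, role_labels):
    # Search queries return only the records that satisfy the labels.
    return [r for r in records if record_permitted(r, role_labels)]

def save(record, role_labels, store):
    # Creating or editing is rejected when the result does not satisfy the labels.
    if not record_permitted(record, role_labels):
        raise PermissionError("record does not satisfy the applied security labels")
    store.append(record)
    return record
```

Records 3, 4 and 5 are filtered out for different reasons: no "region" instance matches in full, the "sensitivity" label fails, and a labelled attribute is absent.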
Assigning Security Labels
To configure and assign security labels, the following actions must be performed:
Create security labels;
In the “Roles” section, assign a set of labels to the required role;
In the “Users” section, assign the role to the required user;
Enable security labels for the account.