The rights editor provides an interface to the rights tables in the database and is used to edit and test the rights of the roles. A new role cannot be added in the Rights editor unless it has first been created in the User Manager. (For customers not using the new User manager, the roles need to be created in Oracle.)
Select Administration > Rights editor. A dialog box will open
In the tool there are three main tabs; Edit, Test and Show subtypes.
•Under the Edit tab, you can edit database roles.
•The Test tab is used to create a report on which object types and subtypes a selected role has permission to read/write.
•The Show Subtypes tab displays a list of all the system's object- and subtypes, which is useful when you want to figure out appropriate object- and subtype ranges to put on selected roles.
Common settings in the rights editor
Reset |
Undo unsaved changes. |
Save |
Save changes to the database. |
Close |
Closes the window. If changes have been made without saving, a window will open asking if the changes should be saved. |
The Edit tab
Under the edit tab, it is possible to fine-tune the roles' rights to read, write and post. If you make changes to read or write rights, the row is marked with your name and the date of change.
Under the edit tab there are three sub-tabs; Read, Write and Post, all three of which represent the different types of rights available in the database. First select the right you want to control.
The left pane displays the roles set up in the database that all have at least one defined row in the write rights (DP_WRITE_RIGHTS) or read rights (DP_READ_RIGHTS) tables.
In the right-hand window, the current read, write and post rights of the various roles are displayed within ranges of object types and subtypes, which are displayed in the fields From otype, To otype, From subtype and To subtype.
•Select the Allowed check box to allow access within the specified range. Uncheck the checkbox to deny permission.
•In the Comment field, you can describe in plain text the content of the specified interval, as an extra support.
Settings
Add role |
Add a new role to the Read, Write or Post rights list. The role must be an existing role in the database. |
Add row |
Create a row that controls read/write rights. |
Empty fields
Empty fields act as wildcards, i.e. denote infinite lower and/or upper range limits.
Examples of how ranges can be defined with empty fields:
From subtype |
To subtype |
|
3 |
All subtypes with numbers equal to or greater than 3. |
|
14 |
All subtypes with numbers less than or equal to 14. |
|
All subtypes. |
||
2 |
2 |
Only subtypes with numbers equal to 2. |
Edit read or write rights
1.Click the Edit tab in the Permissions Editor.
2.Click the Read or Write tab.
3.Select a role in the window on the left.
Edit range
To edit a range for example "From otype" - "To otype"
1.Double-click in one of the fields and enter a new value. Empty fields act as wildcards.
2.Check/uncheck the Allowed checkbox to allow or deny the right for the current role.
Add a row
Once you have selected a role in the left pane:
1.Click the Add Row button below the rights table. The Add Row window opens.
2.Fill in the desired values for the object type and possibly subtype ranges. Permissions for stages can only be defined for write permissions, not read permissions.
3.Check or uncheck the Allowed check box if it should be allowed or not allowed for the current role to read/write within the specified intervals.
Delete one or more rows
1.Select the row(s) and click with the right mouse button. In the right-click menu that opens, select Delete row(s).
2.If you delete all rows in a table, a warning message opens.
3.Click Save to commit changes to the database, or Reset to undo your changes.
|
Removing a role from the selectable list does not mean that it has been deleted from the system. To delete a role, this must be done in the User Manager. For customers who do not use the new User Management, the roles need to be deleted in Oracle. |
Add a role
|
Note that the role you specify must already exist in the database. |
1.Click the Add Role button in the left pane. The Add Role window opens.
2.Enter role name (mandatory).
3.Enter the desired values that define the range for the right.
4.Select or clear the Allowed check box to allow or deny the current role to read/write within the specified ranges.
Edit Post rights
1.Click the Edit tab in the Rights editor.
2.Click the Post tab.
3.Select a role in the left window.
4.Check/uncheck the Posting Allowed checkbox to allow/deny the role the right to post.
|
If you make changes to posting rights, the row is marked with your name and the date of change. |
The Test tab
Under the Test tab, you can choose to show which object types (otype) and subtypes a role has or does not have permission to read/write. The test function is useful when checking the results of your edits. In the Test tab, the type names of the object types and subtypes are displayed in plain text, which makes it easier to check the rights.
Test rights
1.Select the role you want to test and then click Test.
2.Under the Read tab, the object types and subtypes that the role is allowed to read, as well as the object types and subtypes that the role is not allowed to read, are displayed. The latter category is shown in red text.
3.Testing rights under the Write tab works in the same way. Because write permissions are stage-dependent, the object types and subtypes that the role may be allowed to write, and the object types and subtypes that the role definitely cannot write, are shown here.
|
•A role being tested needs to contain read rights for write rights to be displayed. •Only the rights that lie directly on the role are displayed and not the rights of roles included in the role. |
Show subtypes tab
Under the Show subtypes tab, you can get help finding appropriate range limits for object types and subtypes. The table shows a sortable list of object types and subtypes in the system. Both types are specified with type number and with type name in plain text.
You can choose to limit the object types that you want to appear in the list by entering a range in the text boxes in the lower part of the window.