Setting Attribute Level Security

In FintechOS, security access is granted in two levels entity and attribute-level. Depending on the security role attached to a system user, he or she will have CRUD operations on the level of entity and attribute.

Task at hand

The tutorial answers the following questions:

  1. How do I allow everybody in Business Unit Killarney & Business Unit Dublin to have read access to records on Entity FTOS_Pricing, but deny access to the rest?
  2. How do I allow everybody in Business Unit Killarney to read the column Transactions per day while the Business Unit Dublin not to read the column?
  3. How do I allow the Transactions per day column to be seen only by the CreationUser and Manager?
  4. How do I allow the Transactions per day column to be seen only by the CreationUser?
  5. How do I allow Transactions per day on FTOS_Pricing to be seen by the manager, but not by the user who created the record?
IMPORTANT!  
Admin user can see securable attributes!

Before you begin

  • Create one platform entity FTOS_Pricing with the following attribute list:
    NameDisplay name Attribute type
    FTOS_Pricingid FTOS_Pricingid Pk
    name name Text
    userId UserLookup

    createdByUserId

    Created by user

    Lookup

    modifiedByUserId

    Modified by user

    Lookup

    businessUnitId Business Unit Lookup
    createdOn Created On Date Time
    modifiedOn Modified On Date Time

    entityStatusId

    Status

    Lookup

    Price

    Price

    Money

    Transactionsperday

    Transactions per day

    Whole Number

    numberofproductsavailable

    Number of products available

    Whole Number

  • The attribute Transactions per day will be the secured attribute.

How to secure an attribute

When creating or modifying the attribute, tick the boolean is Securable.

1 Allowing and Denying rights on organizational level

How do I allow everybody in Business Unit Killarney & Business Unit Dublin to have read access to records on Entity FTOS_Pricing, but deny access to the rest?

Follow the path: FintechOS Studio > Security > Security roles.

In order to allow a group of people to read the entity and deny another group, create a security role that will be attached to the system users. Create a role named FTOS_Pricing_Role.

Add the security item:

Entity Security Scope

Security operator
FTOS_Pricing Organizational

Read

Once the entity is selected a grid opens with the list of secured attributes. Tick the Allow boolean for the attribute Transactions per day.

Lastly, add the security role FTOS_Pricing_Role to the system user who can read the attribute, e.g. to the users that belong to Business Unit Killarney. The rest of the system users will not have this role, hence they will not have the possibility to read.

2 Allowing and Denying rights on business unit level

How do I allow everybody in Business Unit Killarney to read the column Transactions per day while the Business Unit Dublin not to read the column?

Follow the path: FintechOS Studio > Security > Security roles.

Add the security item:

Entity Security Scope

Security operator
FTOS_Pricing Business Unit

Read

Once the entity is selected a grid opens with the list of secured attributes. Tick the Allow boolean for the attribute Transactions per day.

3 Allowing and Denying rights on parental level

How do I allow the Transactions per day column to be seen only by the CreationUser and Manager?

Follow the path: FintechOS Studio > Security > Security roles.

Add the security item:

Entity Security Scope

Security operator
FTOS_Pricing Parental

Read

Once the entity is selected a grid opens with the list of secured attributes. Tick the Allow boolean for the attribute Transactions per day.

4 Allowing and Denying rights on user level

How do I allow the Transactions per day column to be seen only by the CreationUser?

Follow the path: FintechOS Studio > Security > Security roles.

Add the security item:

Entity Security Scope

Security operator
FTOS_Pricing User

Read

Once the entity is selected a grid opens with the list of secured attributes. Tick the Allow boolean for the attribute Transactions per day.

5 Allowing and Denying rights for creator and manager

How do I allow Transactions per day on FTOS_Pricing to be seen by the manager, but not by the user who created the record?

Follow the path: FintechOS Studio > Security > Security roles.

In this example, we need two security roles. One security role is for the creator, who is not able to see the record that he created. One security role is for the manager who can see the records.

For the user, add the security item to the FTOS_Prcing_Role:

Entity Security Scope

Security operator
FTOS_Pricing Organization

Read

For the manager, add the security item to the FTOS_Pricing_Manager_Role:

Entity Security Scope

Security operator
FTOS_Pricing Parental

Read

Once the entity is selected a grid opens with the list of secured attributes. For the manager, tick the Allow boolean for the attribute Transactions per day.

For more details, see Creating Security Roles.

Congratulations! You have secured an attribute successfully!