1. Implementing Product Management
  2. Overview of Access Control Lists

Overview of Access Control Lists

Use access control lists to assign criteria-based access to specific objects such as manufacturers. With access control lists, you can:

  • Define and control who has access to your data.
  • Add granular access conditions for different workers.
  • Easily identify exactly what privileges are assigned to each user.
  • Build your list of workers dynamically based on specified conditions.
Note:

  • To use this feature, you must enable the profile option Redwood Manufacturer Pages Enabled (EGP_MANUFACTURER_REDWOOD_ENABLED). Also, you must opt in to the feature Redwood: Secure Manufacturers Using Access Control Lists.

  • You can use access control lists only for manufacturers in the new interface.

Access can be controlled through teams:

  • Team: A team comprises a set of team members, membership conditions, and one or more permission sets.
  • Members and Membership Conditions: Members can be added to the team individually, or derived from a filtered list of workers who match certain membership conditions. For example, workers belonging to the same business unit, location, department, and so on.
  • Permission Sets: Each permission set contains individual permissions. Each permission identifies the object for which permission is given, the conditions that must be met, and the type of access to be granted.

The high level diagram shows how the team membership and the team permission sets collectively form an access control list.

High level diagram that shows how the team membership and the team permission sets collectively form an access control list.

Configuration Summary

Here’s a summary of the configuration tasks for access control lists:

  1. Create team members who should have access to a particular object.
  2. Create permission sets with data access conditions.
  3. Create teams, add membership conditions or members, and apply permission sets.

The diagram shows how the team membership and the team permission sets are derived, and how they collectively form an access control list.

How the team membership and the team permission sets are derived, and how they collectively form an access control list.

How Access Control Lists Work with Functional Privileges on Manufacturers

Manufacturers can be secured using the access control lists and the functional privileges assigned through Security Console. Your worker’s ability to access manufacturers depends on both the permissions assigned in access control lists and the functional privileges.
Note: Permissions assigned though access control lists will only be effective if the manufacturer has been assigned the appropriate functional privileges.

Example

The table presents an example of the access granted to the manufacturers based on functional privileges and permissions in access control lists.

Functional Privileges in Security Console Permissions in Access Control Lists What Users Can Do on Manufacturers

Create Manufacturer

View Manufacturer

Manage Manufacturer

Create

View

Manage

Create

View

Edit

Create Manufacturer

View Manufacturer

Manage Manufacturer 		View View

Create Manufacturer

View Manufacturer

Manage Manufacturer		 None Can't perform any actions

Example for Manufacturer Access Control

Let’s say you want to give access to manufacturer data based on the different types of workers in your organization. In this example, we’re giving component engineers based out of New York City or Houston View permission on all manufacturers and restricting Manage permission to some US manufacturers only.

The diagram shows how the access control list is derived for manufactures in the US.

How the access control list is derived for manufactures in the US