Access Restrictions for Jet Pages

Access to all UI pages is protected by access restrictions of type Function. Each page is represented by an access restriction of type function. So a user can only access pages he has been granted access to via one of his roles. Function access is granted on the level of a page. It is not possible to give access to certain parts of a page. For example, when the user has access to the persons page, he can search for persons, he can access all parts of that a view and edit person page like person data, person addresses, person bank accounts and so on.

A user can be granted Retrieve access to a page, and optionally also Create, Update, and/or Delete access. Create access means that new records (objects and its details) can be added. Delete access means that records can be deleted. Dynamic fields and multi-select drop down lists are considered attributes of an entity, if the user has Update access to the page he can add/remove/update such attributes even if he does not have Create or Delete access.

Menu options to which the user does not have access, are not shown. On a page to which the user has access, add /delete / save buttonsarehidden if the userdoes not have access rights for that operation. If theuser does not have update access, fields are displayed asread-only.

The pages uses HTTP API resources and Integration points (generic/specific) to perform DMLs and therefore, appropriate grants to GET (to view), POST (to create), PUT (to update), PATCH (to update), DELETE (to delete) operations must be granted on the resource, operations, sub resources and linked resource.

Whenever a page access is provided to a user, access to required IP/API is automatically granted. However, exception to the rules are IP/API that allow user to perform certain restricted operations e.g. submitting a group client or policy.

The following table provides details on pages that require additional API/IP access to perform special operations - function code - API/IP access required

Page

Function Access

Restricted Access Restrictions

Policies Search

Policies View

PO0001

  • To access Validate policies, user must have access to "policies.validateIP" and update access to PO0001

  • To access Submit policies, user must have access to "policies.submitIP" and update access to PO0001

  • To access Revert policy to previous version, user must have access to "policies.revertIP" and update access to PO0001

  • To access operation To Edit, user must have access to "policies.toEdit" and update access to PO0001

  • To view policy calculation periods, access to generic api policycalculationperiods is needed.

Policy Attached Data View

PO0001

  • Appropriate access to resource attachedpolicydata</li>

Group Setup

Page

Function Access

Restricted Access Restrictions

Group Client Search

Group Client View and Edit

PO0083

  • To submit group client, user must have access to "groupclient.submit IP"and update access to PO0083

Configuration

Page

Function Access

Restricted Access Restrictions

Change event rules

PO0032

In order to access monitoring fields for insurable entity types "Object" , GET access to generic resource as given by its configured resource name must be provided.