Access Restrictions for Jet Pages
Access to all UI pages is protected by access restrictions of type Function. Each page is represented by one such access restriction, so a user can only access pages to which he has been granted access via one of his roles. Function access is granted at the level of a page; it is not possible to give access to only certain parts of a page. For example, when the user has access to the persons page, he can search for persons and can access all parts of the view and edit person page, such as person data, person addresses, person bank accounts and so on.
A user can be granted Retrieve access to a page, and optionally also Create, Update, and/or Delete access. Create access means that new records (objects and their details) can be added. Delete access means that records can be deleted. Dynamic fields and multi-select drop-down lists are considered attributes of an entity: if the user has Update access to the page, he can add, remove, and update such attributes even if he does not have Create or Delete access.
Menu options to which the user does not have access are not shown. On a page to which the user has access, the add / delete / save buttons are hidden if the user does not have access rights for that operation. If the user does not have Update access, fields are displayed as read-only.
The pages use HTTP API resources and integration points (generic/specific) to perform DML operations. Therefore, appropriate grants for the GET (to view), POST (to create), PUT (to update), PATCH (to update), and DELETE (to delete) operations must be given on the resource, operations, sub resources and linked resources.
Whenever access to a page is provided to a user, access to the required IP/API is granted automatically. The exceptions to this rule are IPs/APIs that allow the user to perform certain restricted operations, e.g. submitting a group client or policy.
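The rules above can be modelled as a small deny-by-default check. This is an added example, not the application's own code: the resource names, the `groupclients/submit` path and the save-button rule are assumptions made for illustration; only the function code PO0083 and the right-to-method mapping come from this page.

```python
from dataclasses import dataclass

# Page right -> HTTP methods it implies on the page's resources (from the text above).
METHODS = {"retrieve": {"GET"}, "create": {"POST"},
           "update": {"PUT", "PATCH"}, "delete": {"DELETE"}}

# Constructed catalogue: resource names and the submit path are hypothetical.
PAGE_RESOURCES = {"PO0083": {"groupclients", "groupclients/members"}}
RESTRICTED_OPS = {("groupclients/submit", "POST")}  # never derived from page access


@dataclass(frozen=True)
class Role:
    name: str
    pages: tuple = ()       # (function_code, frozenset_of_rights) pairs
    api_grants: tuple = ()  # explicit (resource, method) grants


def page_rights(roles, code):
    """Rights on one page across all roles; any page grant implies Retrieve."""
    rights = set()
    for role in roles:
        for c, r in role.pages:
            if c == code:
                rights |= set(r) | {"retrieve"}
    return rights


def effective_api_access(roles):
    """Union of grants derived from page access and explicit API/IP grants."""
    allowed = set()
    for role in roles:
        for code, _ in role.pages:
            for right in page_rights([role], code):
                for res in PAGE_RESOURCES.get(code, ()):
                    allowed |= {(res, m) for m in METHODS[right]}
        allowed |= set(role.api_grants)
    return allowed


def is_allowed(roles, resource, method):
    """Deny by default; restricted operations pass only via an explicit grant."""
    if (resource, method) in RESTRICTED_OPS:
        return any((resource, method) in r.api_grants for r in roles)
    return (resource, method) in effective_api_access(roles)


def ui_state(roles, code):
    """Menu visibility, button visibility and read-only state for one page."""
    rights = page_rights(roles, code)
    return {"menu_visible": bool(rights),
            "add_button": "create" in rights,
            "delete_button": "delete" in rights,
            "save_button": bool(rights & {"create", "update"}),  # assumption
            "read_only": bool(rights) and "update" not in rights}
```
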
The following tables list the pages that require additional API/IP access to perform special operations, together with the function code and the API/IP access required.
| Page | Function Access | Restricted Access Restrictions |
| --- | --- | --- |
| Policies Search, Policies View | PO0001 | |
| Policy Attached Data View | PO0001 | |
Group Setup
| Page | Function Access | Restricted Access Restrictions |
| --- | --- | --- |
| Group Client Search, Group Client View and Edit | PO0083 | |
Configuration
| Page | Function Access | Restricted Access Restrictions |
| --- | --- | --- |
| Change event rules | PO0032 | To access monitoring fields for insurable entity types "Object", GET access to the generic resource, as given by its configured resource name, must be provided. |