Access Restrictions for Jet Pages

Access to all UI pages is protected by access restrictions of type Function. Each page is represented by an access restriction of type Function, so a user can only access pages he has been granted access to via one of his roles. Function access is granted at the level of a page; it is not possible to give access to only certain parts of a page. For example, when the user has access to the persons page, he can search for persons and can access all parts of the view and edit person page, such as person data, person addresses, person bank accounts and so on.

A user can be granted Retrieve access to a page, and optionally also Create, Update, and/or Delete access. Create access means that new records (objects and their details) can be added. Delete access means that records can be deleted. Dynamic fields and multi-select drop-down lists are considered attributes of an entity: if the user has Update access to the page, he can add, remove and update such attributes even if he does not have Create or Delete access.

Menu options to which the user does not have access are not shown. On a page to which the user has access, the add / delete / save buttons are hidden if the user does not have access rights for that operation. If the user does not have Update access, fields are displayed as read-only.

The pages use HTTP API resources and Integration Points (generic/specific) to perform DML operations. Therefore, appropriate access to the GET (to view), POST (to create), PUT (to update), PATCH (to update) and DELETE (to delete) operations must be granted on the resource, its operations, sub resources and linked resources.

Whenever page access is provided to a user, access to the required IP/API is granted automatically. The exceptions to this rule are IPs/APIs that allow the user to perform certain restricted operations, for example, submitting a group client or policy.

The following table provides details on pages that require additional API/IP access to perform special operations: the function code and the API/IP access required.

Table 1. Access Restrictions for Jet Pages
Page Function Access Restricted Access Restrictions

Policies Search
Policies View

PO0001

  • To access the Validate policies, the user must have access to the policies.validate IP and update access to PO0001.

  • To access the Submit policies, the user must have access to the `policies.submit` IP and update access to PO0001.

  • To access the Revert policy to the previous version, the user must have access to the `policies.revert` IP and update access to PO0001.

  • To access the operation to Edit, the user must have access to the policies.toEdit and update access to PO0001.

  • To access the operation Cancel, the user must have access to the policies.cancel IP and update access to PO0001.

  • To access the operation Generate Output, the user must have access to the policies.mutation IP and update access to PO0001.

  • To view and edit the member (person) details from the policy page, the user must have relevant access to function access RM0012.

  • To view and edit the policy notes, the user must have relevant access to the notes API.

  • To view the Policy Attached Data, the user must have access to the resource attachedpolicydata.

  • To view the Policy calculation Period, the user must have access to resource policycalculationperiods.

  • To view the Policy Enrollment Event, the user must have access to resource enrollment events.

  • To view the Enrollment Event Notifications, the user must have access to function PO0190.

  • To view and edit the transaction reply reports, the user must have access to function PO0212 and the attachedpolicydata resource.

  • To view the Policy Accounts, the user must have access to function PO0060.

  • To view the Billing Accounts, the user must have access to function PO0193.

  • To view the Financials, the user must have access to function PO0216.

Group Setup

Table 2. Group Setup
Page Function Access Restricted Access Restrictions

Group Client Search
Group Client View and Edit

PO0083

  • To submit a group client, the user must have access to the "groupclient.submit" IP and update access to PO0083.

Configuration

Table 3. Configuration
Page Function Access Restricted Access Restrictions

Change event rules

PO0032

In order to access monitoring fields for insurable entity types "Object", GET access must be provided to the generic resource as given by its configured resource name.
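
The two-part rule in Tables 1 and 2 (an IP grant plus Update access on the page's function code) can be checked during a role review. The following is an added example, not code from the product: the role layout, the R/C/U/D letters and the role names are assumptions made for illustration, while the IP names and function codes are the ones listed above.

```python
# Requirements transcribed from Table 1 and Table 2 of this page:
# operation -> (IP grant, page function code). Each also needs Update on the page.
RESTRICTED_OPS = {
    "Validate policy":     ("policies.validate",  "PO0001"),
    "Submit policy":       ("policies.submit",    "PO0001"),
    "Revert policy":       ("policies.revert",    "PO0001"),
    "To Edit":             ("policies.toEdit",    "PO0001"),
    "Cancel policy":       ("policies.cancel",    "PO0001"),
    "Generate Output":     ("policies.mutation",  "PO0001"),
    "Submit group client": ("groupclient.submit", "PO0083"),
}

def review_role(role):
    """Split a role's restricted-operation grants into operations it can
    perform on the page and IP grants that lack Update access on that page."""
    enabled, ineffective = [], []
    for op, (ip, function) in RESTRICTED_OPS.items():
        if ip not in role["ips"]:
            continue
        # Assumed encoding: "U" marks Update access on a function code.
        if "U" in role["functions"].get(function, set()):
            enabled.append(op)
        else:
            ineffective.append((ip, function))
    return {"enabled": enabled, "ineffective_ip_grants": ineffective}

def violations(role, approved_ops):
    """Restricted operations the role can perform that were not approved for it."""
    return sorted(set(review_role(role)["enabled"]) - set(approved_ops))

# Constructed sample roles (hypothetical names and grants, for illustration only).
ROLES = [
    {"name": "policy_viewer", "functions": {"PO0001": {"R"}},
     "ips": {"policies.submit"}},                      # IP grant without Update
    {"name": "policy_clerk", "functions": {"PO0001": {"R", "U"}},
     "ips": {"policies.validate", "policies.submit"}},
    {"name": "group_admin", "functions": {"PO0083": {"R", "C", "U", "D"}},
     "ips": {"groupclient.submit", "policies.cancel"}},
]

if __name__ == "__main__":
    for role in ROLES:
        print(role["name"], review_role(role))
```

An IP grant reported under ineffective_ip_grants does not enable the operation on the page, so it is a candidate for removal in a least-privilege review.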