You can apply access control to restrict which individual users or application roles (groups) can access particular presentation layer objects.
For example, you can provide read-only access to a set of presentation tables for a particular application role, read-write access for a second application role, and no access for a third application role. See Granting Permissions To Users Using Groups and Application Roles .
You can also use the Identity Manager to set up privileges and permissions. The Identity Manager is useful for setting permissions for individual application roles to many objects at once, unlike permissions in the Presentation layer, which you can only set for one object at a time. See Setting Up Object Permissions and Applying Data Access Security to Repository Objects.
You can control what level of privilege is granted by default to the
AuthenticatedUser application role, which is the default application role associated with new repository objects. To do this, set the
DEFAULT_PRIVILEGES parameter in the
To set permissions for presentation layer objects:
In online mode only, by default, no users are retrieved, even when Show all users/application roles is selected. Click Set online user filter to specify the set of users you want to retrieve.
The filter is empty by default, which means that no users are retrieved. Enter * to retrieve all users, or enter a combination of characters for a specific set of users, such as A* to retrieve all users whose names begin with the letter A. The filter is not case-sensitive.
Read. Only allows read access to this object.
Read/Write. Provides both read and write access to this object.
No Access. Explicitly denies all access to this object.
Default. The permission is inherited from the parent object. For subject areas, because they are a top-level object, Default is equivalent to the permission granted to the AuthenticatedUser application role.
You can generate a permission report for individual presentation layer objects to see a summary of how permissions have been applied for that object.
To do this, right-click any presentation object and select Permission Report. The Permission Report dialog displays the name and a description of the presentation object, along with a list of users/application roles and their permissions.
There are six ways that you can sort the types and User/Application Role names in the Permissions dialog.
To change the sort, click the heading of the first or second column. The first column has no heading and contains an icon that represents the type of user or application role. The second column contains the name of the User/Application Role object.
You cannot sort on the columns for individual object permissions such as Read, and Read/Write.
There are three ways to sort by type, and two ways to sort the list of user and application role names. This results in a total of six possible sort results (3 x 2 = 6). The following list shows the sort results available by clicking the type column:
AuthenticatedUser, Application Roles, Users, ascending by name of type
Users, Application Roles, AuthenticatedUser, descending by name of type
Type column is in no particular order. The Type value is ignored, as all names in User/Application Role column are sorted in ascending order by value in User/Application Role column.
The following list shows the sort results available by clicking the User/Application Role column:
Ascending within the type
Descending within the type