Error: Invalid spaceKey on retrieving a related space config.

Controlling access by using implicit groups: Row-level security

You can limit access to requests on a per-group or per-user basis. (This is often described as "row-level access," because each request is a row in the database table.) Membership in implicit groups (and their corresponding permissions) is implied when specific values are entered into certain BMC Remedy AR System fields.

The following table shows the differences and similarities among these implicit groups and their associated fields.

Implicit group

Group ID

Associated default field name

Field ID

Core field?

Associated field contents

Submitter

3

Submitter

2

Yes

User name

Assignee

3

Assigned To

4

Yes

User name

Assignee Group

7

None

112

No

User, group, or role names

Dynamic groups

60000-60999

None

60000-60999

No

User, group, or role names

 

You can also grant parent groups row-level access. For information, see Controlling access to requests for hierarchical groups.

Fields with row-level security in searches are handled differently than regular fields to ensure that indexes (if used) are used properly and performance is not impacted.

For example, a form might contain two fields (Field1 and Field2) and two dynamic groups (DynamicGroup1 and DynamicGroup2). DynamicGroup1 controls access to Field1, and DynamicGroup2 controls access to Field2.

A user (not an administrator) performs a search with the following qualification:

'Field1' != $\NULL$ OR 'Field2' != $\NULL$

The following SQL WHERE clause is used in the search:

(Field1 is not NULL OR Field2 is not NULL)
AND (user is member of DynamicGroup1)
AND (user is member of DynamicGroup2)

If regular fields were used, the following SQL WHERE clause would be used:

(Field1 is not NULL AND (user is member of DynamicGroup1))
OR (Field2 is not NULL AND (user is member of DynamicGroup2))
Was this page helpful? Yes No Submitting... Thank you

Comments