Dynamic permissions

With dynamic permissions you have the possibility to assign different access rights to the object in the Portal depending on which role or task the users have or should perform in the object.

Objects have the Dynamic permission property, where you can reference one or more dynamic permission. Dynamic permissions have an ACL and a condition or query. If the condition is met or the query returns the corresponding result, the user receives the rights to the object that are defined in the ACL.

Example:  

In the Invoice Processing process, the user Mia Manager is assigned as the Operational Process Responsibility. The process has the Dynamic permission User is process manager. The following is configured in the dynamic permission:

  • Condition: Query condition whether the currently logged in user is operational or strategic process manager.

  • Query (alternative to condition): Query that checks whether the currently logged-in user is an operational or strategic process manager.

  • ACL: Public Read & Write

Accordingly, Mia Manager has read and write permissions in the Invoice Processing process as long as she is assigned there as Operational Process Responsibility.

Evaluation logic

  • If an object has a dynamic permission, it will be evaluated.

  • If an object has several dynamic permissions, they are evaluated one after the other.

  • If none of the referenced dynamic permissions apply, the default ACL of the object defined in the ACL property is evaluated.

Note: Dynamic permissions are inherited to child elements.

Configuration

Dynamic permissions are created and configured in the SystemAdministration in the UserAdministration section. All dynamic permissions that are created, configured and activated there can be referenced in objects in the Dynamic permissions property.