Dynamic permissions

With dynamic permissions you have the possibility to assign different access rights to the object in the Portal depending on which role or task the users have or should perform in the object.

Objects have the Dynamic permission property, where you can reference one or more dynamic permission. Dynamic permissions have an ACL and a condition. If the condition is true, then the user gets the rights to the object that are defined in the ACL.

Example:  

In the Invoice Processing process, the user Mia Manager is assigned as the Operational Process Responsibility. The process has the Dynamic permission User is process manager. The following is configured in the dynamic permission:

  • Condition: Query condition whether the currently logged in user is operational or strategic process manager.

  • ACL: Public Read & Write

Accordingly, Mia Manager has read and write permissions in the Invoice Processing process as long as she is assigned there as Operational Process Responsibility.

Evaluation logic

  • If an object has a dynamic permission, it will be evaluated.

  • If an object has multiple dynamic permissions, they are evaluated in order until a condition is true and an ACL is returned.

  • If no condition of the referenced dynamic permissions applies, the default ACL of the object defined in the ACL property is evaluated.

Note: Dynamic permissions are inherited to child elements.

Configuration

Dynamic permissions are created and configured in the SystemAdministration in the UserAdministration section. All dynamic permissions that are created, configured and activated there can be referenced in objects in the Dynamic permissions property.