Field Security Matrix

Use the Field Security Matrix, to set field security permissions for users, teams, or permission sets.

Choose the Lightbulb that opens the Tell Me feature icon, enter Field Security Matrix, and then choose the related link.

This page contains a matrix showing the selected users, permission sets, or teams on the left (in the Type, ID, and Name fields). All monitored fields [tables] are displayed on the right.

To reduce the view over the monitored fields, expand the Filters FastTab and enter the number of the desired table in the Table ID Filter field. Choose the ellipsis button to open the table overview that facilitates the table selection. Select a Table ID Filter, then the corresponding table name is displayed in the Table ID Filter Description field.

Selecting a value in the Type Filter field reduces the number of lines in the Field Security Matrix. The options are:
- <Blank> – User, Team, and Permission Set will be displayed simultaneously.
- User – Only listed Users will be displayed.
- Permission Set – Only listed Permission Sets will be displayed.
- Team – Only listed Workflow Teams will be displayed.

Configuring field permissions for a new user

  1. In the Field Security Matrix, use the drop-down in the Type field and then choose User (alternatively, Permission Set or Team).
  2. Choose the ellipsis button in the ID field and select the user, permission set, or team.
  3. The Name field shows the name of the selected user, permission set, or team.
  4. The following fields are divided by a line. They represent the table fields. Here it is necessary to configure the Field Security by adding fields and assigning permissions (<Blank> / Yes / Restricted / Condition).
Note

By adding a new line, the value of each assigned field will be pre-allocated with NO. For the Inclusive Field Security Type, this means that the permission to change the field value is not given (even for not assigned users), for Exclusive, the permission to change the field value is given.

Adding Fields/Users to the Field Security Matrix

Using the Field Security Matrix, fields can be easily added to the field security monitor by following the steps below.

  1. Choose the Add Fields action on the New menu.

The Fields page opens. If a Table ID Filter is set in the Field Security page, the Fields page will be filtered accordingly.

  1. To add a field to the matrix, select a line and then choose the OK button. Select several fields at once by selecting the desired fields while keeping the Ctrl key pressed.
  2. After the fields have been selected, choose the OK button and determine the Field Security Type (Inclusive, Exclusive). This determines whether permissions to a field must be granted or revoked explicitly.

There is a multiple user selection in the Field Security Matrix page. It is possible to select multiple users by choosing the Add User action on the New menu.

Controlling Change Permissions

After adding the new fields on the Field Security Matrix page, the change permissions are assigned. The options are:
- <Blank> – Fix assignment of the NO option.
- Yes – Fix assignment of the YES option.
- Restricted – The permission to change a field value depends on the data record that will be changed. The change permission is given or not by an existing field values of the data set.
- Condition – A workflow condition must be set up to decide about the change permission.

The options <Blank> (= No) and Yes are fixed security models so no further configuration must be made.

The Restricted and Condition options need additional configuration. Choose the ellipsis button to open the configuration page.

Restricted Field Security

After selecting the Restricted option, choose the ellipsis button to open the Field Security Restrictions page.

Using the Field Security Type Inclusive, the configuration of the Restricted option works as follows:

  1. In the Permitted Field Value field, enter a valid value or valid values that should be permitted to be inserted by the user. Values are entered like field filters. For example, for valid values between 1 and 10,000, enter 1..10,000.
  2. Additionally, a distinction of valid values can be reached by adding a Condition. Choose the Condition field to open the Field Security Filters page.
  3. To define the condition, select a value in the Field No. field. The Field Name and Field Type Name fields will then be added.
  4. In the Type field, the options are:
    - CONST – There is one value in the Value field.
    - FILTER – The filter expression defines the values in the Value field.
  5. Close the Field Security Filters page by choosing the Close button.

Any number of restrictions with valid field values are allowed. The interpretation of the conditions is OR-based.

Note

For fields with Field Security Type of Inclusive, the user is allowed to enter the Permitted Field Value(s) from the Field Security Restrictions page. For fields with Field Security Type of Exclusive, the permission is reversed. That means the user is not allowed to enter the Permitted Field Value(s) from the Field Security Restrictions page.

Note

If the setup is incomplete because no valid input value is defined, the Restricted option is displayed in red italics in the Field Security Matrix.

Condition Field Security

After selecting the Condition option, choose the ellipsis button to open the Field Security Condition page.

Using the Field Security Type Inclusive, the configuration of the Condition option works as follows:

  1. Select a Condition No., which will be validated when changing the field value.

If the user-entered value is valid, the option for the changed data set is Yes, otherwise it is <Blank> (No).

  1. Turn on the Reverse Condition toggle, then the validation result of the condition will be inverted. If the entered value for the Workflow Condition is valid, the option for the changed data set is <Blank> (No), if the value is not valid, it is Yes.
Note

If the setup is incomplete because either no condition is selected or the status of the condition is not certified, the Condition option is displayed in red italics in the Field Security Matrix page.

Note

To be able to use the Condition Field Security Model, the Process Management module is required.

Further Explanation on Field Security Types

The field permissions are assigned in the Field Security Type field of the Field Security Setup Fields. The options are:
- Inclusive – By selecting the Field Security Type Inclusive and selecting the No (<Blank>) option, the field monitoring is activated. That means field modification is prohibited for all – also for the user in the row. By selecting the option Yes, the selected user is allowed to modify the field.
- Exclusive – By selecting the Field Security Type Exclusive and selecting the Yes option, the field monitoring is active for the selected user. That means field modification is prohibited for the user. By selecting the No (<Blank>) option, the user is allowed to modify the field.

Show Permission

For users that are listed in the Field Security Matrix page, all configured change permissions can be displayed.

Select a row and then choose the Show Permission action on the Manage menu.

The current change permissions are calculated by assessing the configurations in the Field Security Matrix and are displayed in the Field Security Permissions page.

This page shows a summary of the monitored table fields and the chosen field security configuration.

The Value field shows the selected option in the Field Security Matrix page (<Blank>, Yes, Restricted, Condition). In the context with the configured Security Type (Inclusive, Exclusive), the resulting Change Permission will be identified.

The evaluation of the Change Permission also considers the configurations regarding the role, which the user owns and the workflow teams (and their change permissions), the user belongs to.

Selecting a defined Table ID Filter in the Field Security Matrix page, it is possible to display the Field Security Permissions for a user.

The current change permission identifies the selected user by evaluating the configurations of the Field Security Matrix. As a result, all change permissions for each field of the table will be displayed.

If you select the Included in Field Sec. Setup checkbox, this means that a field is monitored by the Field Security.

Feedback

Submit feedback for this page .