Access Control Category properties

When adding or editing Access Control Categories in a Granta MI database, you can set the following properties.

Name

An Access Control Property name can be up to a maximum of 255 characters. The name must be unique within the database. It is not treated as case-sensitive, so the same name with different cases is not permitted within the same database, for example, "ac_devstatus" and "AC_Devstatus").

Discrete Type

The Discrete type that defines the range of values for the Access Control Category.

Attribute

The Access Control Category is a database-level object, and it must be mapped to a Discrete Attribute in each Table where you want to use it to control access to records. The target Attribute must have the same Discrete Type as the Access Control Category.

This mapping is performed in the New/Edit Access Control Category page in the MI Admin Schema tool:

  • If a suitable Discrete Attribute already exists in the Table, you can simply select it from the list. Only Attributes with the same Discrete Type as the Access Control Category are listed.
  • If no suitable Discrete Attribute exists in the Table, you can create one and map it in a single operation by selecting <create new Attribute> in the list. The new Attribute will have the same name and Discrete Type as the Access Control Category. If a Discrete Attribute of the same name already exists in that Table, the new one will have a number in parentheses at the end of its name (for example, ac_materialtype (2)).
Note: You will also need to ensure that the Discrete Attributes to which the Access Control Category is mapped are included in the relevant Layouts in each Table.

Once this mapping between Access Control Category and Discrete Attribute has been made in MI Admin, users who have Change permission for the Access Control Category can set the Attribute value in the same way as any other Attribute, by editing the record in an MI application.

Table-level Values

A Table-level Values option in the New/Edit Access Control Category page allows the Granta Administrator to set the value of a mapped Discrete Attribute on the Table itself, effectively controlling access to the whole Table and all of the records in it in a single operation.

  • The value is set on the table 'root node' only - setting a Table-level value does not set or change the current value (set or unset) of the Discrete Attribute in individual records in the Table.
  • The Table-level value combines by a logical AND operation with any values set for the Discrete Attribute in individual records in the table. So, to see a record, the application user must be permitted to see the Table-level value AND the record value. If the value of the Discrete Attribute set on the record permits an application user to see the record, but the Table-level Attribute value prevents them from seeing the Table, the record will be hidden from the user, and they will not be able to browse it (for example, via links) or search it.

If the Discrete Attribute in the target Table is configured to allow multiple values, you can select more than one Table-level value in the New/Edit Access Control Category page.