I have defined a role that has almost all rights. Only a few tables the role has no rights to. Then it is convenient to hand out all permissions and then for the few exceptions, roll back the permissions. Does that possibility exist?
Hi Marco,
Technically yes but it requires Dynamic model code to get that to work. You could create an "all_rights” role without the checkbox on by fully granting all rights to all tables, column, details, task, task parameters, reports, report parameters, process actions etc. etc. Every Generate definition cycle would recalculate the role rights to ensure it is up-to-date.
The complete list of the overviews you can edit for this to work would be:
- role_col_overview
- role_cube_field_overview
- role_cube_overview
- role_cube_view_overview
- role_list_bar_grp_overview
- role_list_bar_item_overview
- role_menu_overview
- role_module_grp_overview
- role_module_item_overview
- role_process_action_overview
- role_process_flow_overview
- role_report_overview
- role_report_parmtr_overview
- role_report_variant_parmtr_overview
- role_subroutine_overview
- role_tab_detail_overview
- role_tab_overview
- role_tab_prefilter_overview
- role_tab_report_overview
- role_tab_task_overview
- role_tab_variant_col_overview
- role_task_overview
- role_task_parmtr_overview
- role_task_variant_parmtr_overview
- role_tile_grp_overview
- role_tile_overview
We also have this as a User story on our backlog to implement someday.
However, if you want to have exceptions it will become a bit more challenging but you could defined some temporary tables with "excluded objects” so that those objects do not receive rights in the role.
For the Software Factory role software_development, we opted using an All-rights role but remove some of the rights via Post synchronization code. That's a more manageble and easy way of supplying an almost all-rights role.
Hi
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.