[Application] Browsing control of data according to combination pattern of multiple items

We introduce examples combining multiple implicit condition specifications and authority management.

The access level can be calculated from a "combination" of multiple items of a model. Here we implement the requirement that only users who hold a given access level can view the corresponding data.

Here is an example. For items shipped from a factory, judgment processing shall be performed under the following conditions.

| No. | Reference item | Judgment |
|---|---|---|
| (1) | "The non-determination process" is completed and "Not determined result" corresponds | Private |
| (1) | "Not determined" is not applicable | Release |
| (1) | The "non-determination process" is not yet completed | Private |
| (2) | "Status" is before approval | Private |
| (2) | "Status" is before certification | Private |
| (2) | "Status" is approved | Release |
| (3) | "Product type" is general item | Release |
| (3) | "Product type" is custom | Private |

Also, for (1) to (3) above, we prepare the following access level table.

| Access level | Conditions | Description | Processing |
|---|---|---|---|
| Level 4 | (1) and (2) and (3) | Open to the whole world | Publish the corresponding product |
| Level 3 | (1) and (2) | Published to Asian region | |
| Level 2 | (3) | Open to the public | |
| Level 1 | | Internal Limited | |

First log on as a system administrator (admin) and register a test user. Here we have created accounts with level 1 to level 4 principals, respectively.

Figure 1 Test Account List

Grant "general user" and "level 1" to the principal of the level 1 account. Similarly, "level 2" is assigned to the level 2 account, "level 3" to the level 3 account, and "level 4" to the level 4 account.

Figure 2 Level 1 account example

Next, we will create a product (test model). When each item is entered, the access level value is calculated automatically.

Figure 3 Creating a test model

Prepare a test model for each access level.

Figure 4 List of prepared test models

Log on with an account with access level 1. Only access level 1 data can be viewed.

Figure 5 Only access level 1 data can be viewed

Log on with an account with access level 2. Access level 1 and level 2 data can be viewed.

Fig. 6 Data of access levels 1 and 2 can be viewed

Log on with an account with access level 3. Access level 1, level 2, level 3 data can be viewed.

Figure 7 Data at access levels 1, 2, 3 can be viewed

Log on with an account with access level 4. You can view data of all access levels.

Figure 8 All levels of data can be viewed

The models prepared in the sample are as follows.

Figure 9 Model definition list

Items used in this sample are shown below.

Fig. 10 Items to be used

Prepare "access level" as an integer type item. Assume that it is obtained by the following calculation formula.

IF(
  AND(
    ${gaihihantei#id}==2,
    ${gaihihanteikekka#id}==2,
    ${status#id}==3,
    ${seihinsyubetsu#id}==1
  ),
  4,
  IF(
    AND(
      ${gaihihantei#id}==2,
      ${gaihihanteikekka#id}==2, 
      ${status#id}==3
    ), 
    3, 
    IF(
      ${seihinsyubetsu#id}==1, 
      2,
      1
    )
  )
)
Fig. 11 Calculation formula setting

In addition, for multiple access level items, set multiple implicit conditions.

In the implicit condition setting, there is an option "Do not apply (ignore) this implicit condition if the specified authority is satisfied". We will make use of this function.

Figure 12 Setting implicit conditions for access level

When multiple implicit conditions are specified

If more than one implicit condition is specified, these implicit conditions are treated as "and" conditional expressions. In the case shown here, the following conditions will apply.

The "access level" item is "smaller than 1" and "smaller than 2" and "smaller than 3" and "smaller than 4" (when the "unauthorized authority", that is, the authority specified in the ignore option, is not taken into consideration).

Taking the "unauthorized authority" into consideration, it becomes as follows.

For users with access 1 authority

The implicit condition operates as follows.

"Access level" items are "smaller than 2" and "smaller than 3" and "smaller than 4"

However, since the condition "smaller than 2" includes "smaller than 3" and "smaller than 4", the condition that the "access level" item is "smaller than 2" is applied as a result.

For users with access1, access2 authority

The implicit condition operates as follows.

"Access level" item is "smaller than 3" and "smaller than 4"

However, since the condition "smaller than 3" includes "smaller than 4", the condition that the "access level" item is "smaller than 3" is applied as a result.
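The calculation formula and the AND-combined implicit conditions described above, modeled in Python as an added example (not the product's own code). It assumes each condition "access level smaller than k" is ignored for users holding a permission named access<k>; the names access3 and access4, the function names and the sample records are constructed for illustration.

```python
def access_level(gaihihantei, gaihihanteikekka, status, seihinsyubetsu):
    """Same decision order as the page's IF/AND formula (arguments are #id values)."""
    judged = gaihihantei == 2 and gaihihanteikekka == 2 and status == 3
    if judged and seihinsyubetsu == 1:
        return 4
    if judged:
        return 3
    return 2 if seihinsyubetsu == 1 else 1

# One implicit condition per level: "access level smaller than k".
# Assumption: condition k is ignored for users holding a permission named
# "access<k>" (the page names access1 and access2; access3/access4 follow by analogy).
IGNORE_PERMISSION = {k: f"access{k}" for k in (1, 2, 3, 4)}

def active_bounds(permissions):
    """Upper bounds that remain in force for a user with these permissions."""
    return [k for k, perm in IGNORE_PERMISSION.items() if perm not in permissions]

def visible(records, permissions):
    """IDs of the records that satisfy every remaining condition (ANDed)."""
    bounds = active_bounds(permissions)
    # all() over an empty list is True: no remaining condition, nothing is filtered.
    return [r["id"] for r in records
            if all(access_level(*r["items"]) < k for k in bounds)]

# Constructed sample records: (gaihihantei, gaihihanteikekka, status, seihinsyubetsu).
# Id values other than those tested by the formula are made up.
RECORDS = [
    {"id": "P1", "items": (1, 1, 1, 2)},  # level 1
    {"id": "P2", "items": (1, 1, 1, 1)},  # level 2
    {"id": "P3", "items": (2, 2, 3, 2)},  # level 3
    {"id": "P4", "items": (2, 2, 3, 1)},  # level 4
]

if __name__ == "__main__":
    for perms in [set(), {"access1"}, {"access1", "access2"},
                  {"access1", "access2", "access3"},
                  {"access1", "access2", "access3", "access4"}, {"access3"}]:
        print(sorted(perms), "->", visible(RECORDS, perms))
```

Under this model a user with no access permission, or with access3 but without access1, sees nothing, because the "smaller than 1" condition is still in force; the permissions behind each principal therefore have to be cumulative.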

Setting permissions

Prepare authority. We prepare a "principal" assigned to each user and a "permission" corresponding to each principal.

Figure 13 Principal and permission design