Back Forward How the system assembles and uses your RuleSet list

Concepts and terms

  Show all 

When managing access control, it is important to understand how the system develops and uses a user's RuleSet list. PROJ-1318 C-1852

 Overview

The RuleSet list of any requestor is an ordered list of RuleSets and optionally specific versions or initial portions of a version number for each RuleSet. Process Commander assembles the list during log in, from several sources. Thereafter, the rule resolution algorithm uses this list to determine which rules are visible and so available to be run for that requestor.

To see your current RuleSet list:

In the Profile display window, locate the list labeled RuleSets. If you have a personal RuleSet (named to match your Operator ID), it appears as the top entry on the list.

 Your RuleSet list is assembled bottom-up

For authenticated users, the RuleSet list is assembled during log in, from partial lists contained in several sources. The order of RuleSets and versions in the RuleSet list is significant, and is preserved as the system assembles the list.

The system adds RuleSets and Version entries it finds in these rule and data instances to the top of the list, so the entries near the bottom are those it found earliest. However, for each source of RuleSets for this list (such as an access group) that contains more than one RuleSet to be added, the system adds starting at the bottom of that array.

This technique preserves the final order. For example, if the RuleSet named Mortgage appears directly above the RuleSet named AllLoans in the General tab of an application rule, then Mortgage is directly above AllLoans in the assembled RuleSet.

 The RuleSet list has file sub-lists in two layers

A completed RuleSet list contains up to five sub-lists of RuleSet versions, arranged in two layers. Order is significant at the layer, sub-list level, and within each sub-list:

 Five data instances contribute to the RuleSet list

During log in, the system starts with an empty list and retrieves information from five data instances, in the order listed.

C-1818 The first four of these five sources typically reference an application rule (Rule-Application rule type) that lists RuleSets and versions. That application rule may reference another application rule as prerequisites

If you update and save an application rule or access group, all the requestor sessions associated with these instances are immediately affected with an updated RuleSet list.

OldIn Version 4, changes to RuleSet lists in an application rule or access group took effect only for those users who logged in after the change.

 The access group and the application rule contribute

The RuleSets to which the operator has access are assembled from two sources:

  1. Three lists on the General tab of the Application rule:
    1. Application RuleSets
    2. Production RuleSets (Customization)
    3. Component and Shared RuleSets
  2. The Production RuleSets list on the Layout tab of the user's current Access Group.

When processing an application rule, the approach is depth-first. That is, if the Application rule contains a prerequisite application rule (in the Built on Application field), RuleSet versions in the prerequisite application rule (or its prerequisites) are added first. Then the RuleSet versions in the Application RuleSets list are added, followed by those in the other lists.

This processing may result in duplicate entries in the RuleSet list. For each set of duplicates, all matches are dropped except the highest one. GAGNJ 11/20/06

 How the system uses the RuleSet list

Each requestor's use of the system continually causes the system to search for a rule instance. This sophisticated search, known as rule resolution, uses properties from many sources to find the most appropriate rule for the current need, including class inheritance, security and access control restrictions, and the RuleSet list.

During rule resolution, the system:

Many other factors, including unavailable, final, or blocked rules, time-based rules, circumstances, and access control influence this process.

Definitions access group, application rule, available rule, circumstance, component RuleSet, override RuleSet, private RuleSet, profile, rule check-out facility, rule resolution, shared RuleSet
Related topics How the system finds rules through rule resolution

UpConcepts