Attachment Category form
|
|
Use this tab to restrict user operations for attachments of this category and work type based on privileges and when rule. GRP-463 5.5 The user must meet all when rule restrictions and at least one privilege to gain access.
See How to use attachment categories.
Access Control List by Privilege
Complete this optional array to limit user capabilities for attachments of this category based on privilege rules. If blank, no privilege is required. However, when rules (if specified in the Access Control by When Rule array) still apply. If an operation checkbox is not selected (blank), the qualified user cannot perform it.
Field |
Description |
Access Control List by Privilege |
The order of rows in this array is not significant. When multiple rows associate a privilege and a capability, a user must hold at least one of the privileges. |
Privilege Name |
Select a Privilege Name — second key part of a privilege rule. When you save the rule, the system uses the Applies To class of this attachment category to validate the privilege name. |
Create |
Select to grant the ability to add attachments of this category to only those requestors who hold the privilege in the Privilege Name field. |
Edit |
Select to grant the ability to edit attachments of this category to only those requestors who hold the privilege in the Privilege Name field. Permission to Edit implies permission to View. |
View |
Select to grant the ability to view attachments of this category to only those requestors who hold the privilege in the Privilege Name field. |
Delete Own |
Select to grant the ability to delete attachments of this category that they added earlier to only those requestors who hold the privilege in the Privilege Name field. |
Delete Any |
Select to grant the ability to delete any attachments of this category to only those requestors who hold the privilege in the Privilege Name field. Permission to Delete Any implies permission to Delete Own. |
For an example, see the PDN article How to enable attachment security using attachment categories.
Attachment category rules do not allow anyone to delete correspondence items, a special form of file attachment. The system retains correspondence as a permanent record of information that was conveyed to an outside party or system.
Access Control List by When Rule
Complete this optional array to limit user capabilities for attachments of this category based on when condition rules. If this array is blank, there are no when condition tests for access. However, privileges (if specified in the Access Control List by Privilege array) still apply. If an operation checkbox is not selected (blank), the qualified user cannot perform it.
Field |
Description |
Access Control List by When |
The order of rows in this array is not significant. When multiple rows associate a when condition rule and a capability, all of the when rules must evaluate to true. |
Rule |
Enter the When Name key part of a when condition rule. Rule resolution uses this name and the Applies To key part of this attachment category rule to find the when rule. You can reference the standard rule @baseclass.always to enable capabilities. |
Create |
Select to grant the ability to add attachments of this category to runtime environments where the when rule evaluates to true. |
Edit |
Select to grant the ability to edit attachments of this category to runtime environments where the when rule evaluates to true. |
View |
Select to grant the ability to view attachments of this category to runtime environments where the when rule evaluates to true. |
Delete Own |
Select to grant the ability to delete attachments of this category that the same operator added to runtime environments where the when rule evaluates to true. |
Delete Any |
Select to grant the ability to delete any attachment of this category to runtime environments where the when rule evaluates to true. |
Additional Security Options
Field |
Description |
Enable Attachment Level Security |
Select to allow the operator who attaches a file attachment of this category to identify one or more work groups that have access to the attachment. This attachment-level restriction, if enabled, operates in addition to and independently of any restrictions defined on this tab for the category. For an example, see PDN article How to control access to categorized attachments. |