Security Options
Conceptual objects must be defined to use one of three possible security implementations to define the level of user privileges to assign to objects within a hierarchy. Object security in OneData can be implemented to be inherited from the root-level (top-level) object or evaluative, in which the most conservative security setting is applied to child-level objects.
OneData provides the following object security options:
Conservative: Evaluative security.
OneData compares the privileges of the child entity with the privileges of the conceptual (root-level) object and applies the most conservative security to the child object. This security option overrides entity-level privileges if the root-level security is more conservative that of the child entity.
Entity Based: Non-evaluative security.
OneData applies the security privileges as they are assigned to each object. For example, if the user-privileges in the conceptual object are read-only and edit in the child object,
OneData implements the security as assigned to the entity, allowing the user to edit the child object and view the conceptual object.
Root Based: Inheritance and override security.
OneData applies the security assigned to the root-level object to the child object, overriding the entity-based child-level security. For example, if a user has edit privileges for the root-level object and read only privileges for the child-level object, the user will have edit permissions for both objects. Similarly, if the user has read-only privileges on the root-level object and edit privileges for the child object,
OneData overrides the edit privileges for the child object and grants the user only view privileges for both objects.
The following table provides an example of how OneData implements user-level privileges when the conceptual object is assigned conservative or root-based security.
User-Level Privileges | Override User-Level Privileges |
Top-Level Object | Child Object | Conservative Security | Root-Based Security |
Insert | View | View | Insert |
View | Insert | View | View |
Insert | Edit | Edit | Insert |
Edit | Insert | Edit | Edit |
Edit | View | View | Edit |
View | Edit | View | View |
Edit | Edit some columns | Edit some columns | Edit All |
Edit some columns | Edit | Edit some columns | Edit limited |
Delete | No Delete | No Delete | Delete |
No Delete | Delete | No Delete | No Delete |
Note: | Security is unrelated to the conceptual object view as parent-child, advanced parent-child, or tree view. |