By means of access definitions the ACLs for each single status of an object are defined.
An access definition is structured as follows:
Example for ACL assignment: According to the access definitions shown above, for a free object with status “In Process” the ACL ACL for Documents: In Process applies.
Note: The state of an object can be seen on the “Document” tab in the Document State field.
Access Definitions are selected on the “Security” tab in the Access Definition field. The ACL calculated from the access definition is entered in the ACL Object field. Per default business objects (Record, Case, Incoming, Outgoing) obtain the Standard Access Definition for Documents. Content objects per default do not get an access definition, except in the object class on the “Object Class” tab Allow Access Definition has been selected and the access definition has been propagated (see chapter “Propagating Access Definitions”).
If an access definition is defined the ACL object cannot be changed.
If an access definition is removed, still the ACL is valid for the object. The ACL object can then be changed.
On the "Security" tab in the ACL Object field an ACL for the object can be selected. The ACL object can only be changed if no access definition has been set.
On the “Security” tab the Referenced Object field is available. If an object is entered in this field, the security settings of the referenced object are taken.
A referenced object is automatically entered in child business objects and content objects, if the condition for propagation is satisfied (see “Propagating Access Definitions”).).
The following settings are taken from the Referenced Object:
To define own security settings (independent from the Referenced Object), the referenced object has to be removed from the Referenced Object field. Subsequently, the Access Definition and the ACL Object can be changed.
In some cases one would like to prevent the use of the referenced object for automatically evaluating the ACL and use another ACL for the current object instead. In Fabasoft Folio there are two possibilities to disable automatic referencing.
For objects of the object class Document Category the property Disable Automatic Use of Referenced Object is available. If this property is selected, the referenced object is not automatically set when objects of this document category are recorded. Instead only the access definition and the ACL are entered. Subsequently, the entered ACL is evaluated on the current object.
When changing the property Disable Automatic Use of Referenced Object of a document category, the existing objects of this document category remain untouched. The property Disable Automatic Use of Referenced Object is only evaluated when recording, rerecording or derecording an object.
Exception: The property Disable Automatic Use of Referenced Object is not evaluated if a content is recorded to a document. In this case, the document is always entered as referenced object for the content, because the content and the document form a unit.
Analogously to the document category, the Disable Automatic Use of Referenced Object property is also available in object classes. By means of this property the use of the referenced object can be disabled domain-wide for a specific object class.
Note: If the use of the referenced object is deactivated for an object class, this cannot be overridden by the document category and so be canceled. By means of the Disable Automatic Use of Referenced Object property, the use of a referenced object can only be prevented and it is not possible to override a disabled referencing.
Security settings are propagated to child business objects and content objects as a Referenced Object. The access definition is specified in the object class in the Default Access Definition for New Objects field (“Object Class” tab). An inheritance is possible considering the following condition:
Examples:
If in the object class the Default ACL for New Objects is defined, the new created object gets this ACL. The ACL applies only to objects of this object class and is not inherited.
Exception: A folder in a business object (a recorded folder) does not inherit the security settings, because it is only used for structuring the business object. Per default the folder gets the Default ACL for Registered Folders. However, the ACL for each state can be defined analogously to the documents via access definition. The default ACL can be defined in the Folio configuration (see “Configuration of Access Definitions”).
Templates take a special position in regard to security settings.
In the Folio configuration on the “Other” tab in the fields Default ACL for Templates and Default ACL for Registered Folders their default ACLs can be defined.
Access Definitions can only be selected in object classes that are listed as Allowed Classes in the Access Definition. End users have the following options to specify security settings: