Managing Data Access Dynamically
Writing and reading access diagrams define data access statically. A person sees objects belonging to his/her reading access area, and can modify objects belonging to his/her writing access area.
You can define dynamic rules for reading or writing data access.
A dynamic rule:
applies to an object for given profiles
is defined by a macro
Attention regarding confidentiality management
An object is associated with a confidentiality level and you must be careful while setting up dynamic data access rules.
Static mode:
Confidentiality management is taken into account through reading and writing access diagrams, as they both manage data access statically.
Dynamic mode:
Confidentiality management might not always be taken into account through data access rules, as they manage data access dynamically.
When a user generates certain types of documentation (e.g., Web site, report), this documentation is generated with the data access rules of the person who generates it. Once cached, this documentation might not take into account the confidentiality of the user who reads it, who might not follow the same data access rules.
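The caching caveat above, as an added example that is not HOPEX code and does not use the HOPEX macro API: a small Python model in which a report generated under one person's dynamic rule is cached and then served to another reader, with a check that lists what the reader's own rule would have denied. All class and function names, the ownership rule, the sample data, and the per-reader cache shown for contrast are assumptions of this model, not HOPEX settings.

```python
# Added illustration: plain-Python model, not HOPEX code; every name here is hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Person:
    name: str

@dataclass(frozen=True)
class Obj:
    name: str
    owner: str

def owner_rule(person, obj):
    """Dynamic reading rule: a person may read only the objects they own."""
    return obj.owner == person.name

def generate_report(person, objects, rule):
    """A report is built with the data access rules of whoever generates it."""
    return tuple(o.name for o in objects if rule(person, o))

class ReportCache:
    """Weak setting: one cached copy per report, whoever generated it."""
    def __init__(self):
        self._store = {}
    def get(self, key, reader, objects, rule):
        if key not in self._store:
            self._store[key] = generate_report(reader, objects, rule)
        return self._store[key]

class PerReaderCache(ReportCache):
    """Contrast: the cache key also names the reader the rule was evaluated for."""
    def get(self, key, reader, objects, rule):
        return super().get((key, reader), reader, objects, rule)

def leaked_objects(cached, reader, objects, rule):
    """Objects present in a cached report that the reader's own rule denies."""
    allowed = set(generate_report(reader, objects, rule))
    return [name for name in cached if name not in allowed]

OBJECTS = [Obj("Action Plan A", "alice"), Obj("Action Plan B", "bob")]  # constructed sample data
ALICE, BOB = Person("alice"), Person("bob")

def demo(cache):
    cache.get("action-plans", ALICE, OBJECTS, owner_rule)  # Alice generates; cached
    served = cache.get("action-plans", BOB, OBJECTS, owner_rule)  # Bob reads later
    return served, leaked_objects(served, BOB, OBJECTS, owner_rule)

if __name__ == "__main__":
    print(demo(ReportCache()), demo(PerReaderCache()))
```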
Implementing a dynamic data access rule
A dynamic data access rule:
defines for a person, his/her reading or writing access rights on a given object
*The rule can be applied to several objects.
can be based on characteristics of an object, a person, or an object and a person
can be called at object creation
can be associated with one or several profiles
*By default the rule is associated with all the profiles.
To manage dynamic data access on an object, you must implement a permission rule:
1. Create the macro for the permission rule.
*For information on writing the macro, see HOPEX Power Studio > Using APIs: Optimizing the macro of a dynamic data access rule.
2. Create the permission rule.
3. (If needed) Define the profile to which the rule applies.
By default the rule applies to all profiles.
4. Associate the permission rule with the object concerned by the rule.
The rule may apply to several objects.
Creating a permission rule (data access rule)
A permission rule is defined by a macro. A permission rule can define reading or writing access rights on an object.
To create a permission rule:
1. In HOPEX (Windows Front-End), from the HOPEX explorer, click Create.
2. Select Data Access Rule and click OK.
3. In the Creation of Data Access Rule dialog box, enter a Name for the rule and click OK.
4. Open the properties of the rule.
5. In the Characteristics tab, in the Macro field, click the arrow and connect the macro that manages the rule.
6. In the Data Access Type field, select the data access type (Reading or Writing).
In the User Profile frame, if no profile is connected to the rule, the rule applies to all profiles.
7. (To call the data access rule at object creation) In the Texts > _Settings tab enter:
[General]
RelaxCreationTime=0
Associating a permission rule with a profile
*To associate a dynamic permission rule with a profile provided by MEGA, see Customizing the Characteristics of an Existing Profile / Creating a Profile from an Existing Profile.
To associate a permission rule with a profile:
1. Open permission rule properties.
Example: "Action Plan - Writing"
2. Click the Characteristics tab.
3. In the User Profile frame, click Connect and select the profile with which you want to associate the permission rule.
*You can connect several profiles.
Associating a permission rule with an object
*To associate a dynamic permission rule with an object, you must have rights to modify HOPEX data, see Managing HOPEX Data Customization.
To associate a permission rule with an object:
1. Open object properties.
Example: MetaClass “Risk”.
2. Select the Data Access tab.
3. In the Data Access Rule frame, click Connect and select the rule you want to associate with the object.