HOPEX Aquila EN

PLATFORM - Administration (Web) > Accesses > Big Picture: Access Management > Access Restrictions

Access Restrictions

User accesses to products, UI, or objects can be restricted by:

• the profile used at connection

• the user

• the group used at connection

Profile level

The profile defines the HOPEX desktop (one or several) that the user can access.

The profile restricts:

• specific product writing or reading access (via its Command Line)

• object UI access (via Create, Reade, Modify, Delete, Search Permissions) that is sufficient for the profile

• general UI access (via Availability) that is sufficient for the profile

• metamodel or feature access (via the Profile options) that is sufficient for the profile

• (optional) dynamic data reading or writing access (via Data access rules linked to the profile)

User level

The user properties restrict:

• writing or reading access to specific products (via his/her login Command Line, if any)

• metamodel or features access (via the user Options)

• static data writing access (via the Writing access diagram): the person can modify the objects belonging to his/her writing access area

• (optional) static data reading access (via the Reading access diagram): the person has access to the objects belonging to his/her reading access area

Group (used at connexion) level

The group properties restrict:

• specific product writing or reading access (via the group login Command Line, if any)

• static data writing access (via the Writing access diagram): the person can modify the objects belonging to the group writing access area

• (optional) static data reading access (via the Reading access diagram): the person has access to the objects belonging to the group reading access area

Rules

Command line rule

The Command Line field is available at both profile and user levels.

If both the profile and the user have access to products restricted by the Command Line attribute, products accessible to the user are at the intersection of the values of the Command Line attribute of the user and profile.

Option rule

Options are governed by an inheritance mechanism Environment > Profile > User.

Options enable in particular to modify the metamodel or features visibility.

• the profile inherits the option values defined at environment level

To modify the profile options, see Modifying options at profile level.

• the user inherits the option values defined at connection profile level

To modify the user options, see Modifying options at user level.

An administrator can modify or lock an option at environment level, at profile level, or even at a specific user level.

To manage user options, see also Managing User Options and Options.

A user can modify his/her own options, for example to modify his/her metamodel access or features visibility.

See Options and Extending the Visibility (Metamodel or Advanced Features).

Customization rule

Customizations at user level (e.g.: data language modification) are also of highest priority, followed in order of priority by those made at profile and environment levels.