Context Access Control
- Last Updated: Sep 07, 2023
Context Access Control allows the Dashboard to be configured so that a user can view only items with certain contexts. What a user can see depends on the role the user is in.
Context Access Control allows an administrator to manage and restrict the contextual data a user has access to while using the AIM Dashboard. This is achieved by configuring the list of contexts a user can see (allowed contexts) and cannot see (denied contexts) for a given AIM Dashboard role.
The Administrator role is required to manage Context Access Control.
Navigate to the following page in the Settings dialog and select the role to be configured.
NOTE: Only custom roles will appear here, so only custom roles can be configured in this way.

If no settings are specified, everyone has access to all data (as far as Context Access Control settings are concerned).
To configure the Context Access Control, define the following three fields:
- Allow
  The list of contexts that a given role is allowed to access.
  You can provide multiple values by separating them with a comma.
  For example: Site1, Site2|Project1
- Deny
  The list of contexts that a given role is not allowed to access.
  You can provide multiple values by separating them with a comma.
  For example: Site1, Site2|Project1
- Allowed root items in Browse
  The list of items (full IDs) that are allowed to be shown as root nodes in the Browse panel. This is independent of the allow and deny Context Access Control configurations.
  You can provide multiple values by separating them with a comma, and a percent sign (%) can be used to match multiple characters.
  For example: Item1, Item2%
  This is required if a Browse root node is not accessible according to the user's Context Access Control configuration, but the node is still required to start the breakdown.
  This configuration ensures that the root node is visible to the user, so that the user can then expand it. The user will still only see items below the root node that they have access to according to the allow and deny settings of the Context Access Control configuration.
Notes:
- It is recommended to not add more than 10 assets in total to the Allow and Deny lists.
- The Deny setting takes precedence over the Allow setting.
- Independent of the Allow/Deny configuration, all users will have access to VNET System data, for example sets, query forms, export definitions and so on.
- If a custom home page is defined and classified under the CL_HomePage class, it will be visible to all users irrespective of the Context Access Control configuration.
Example Configurations
With a hierarchy of contexts, if the Allow and Deny values are left unset, then all users will have access to all data.

To give a specific role access to only PROJ1 data, configure Context Access Control as Allow = SITE1|PROJ1. The diagram below represents the data access a user will have in this case. If the breakdown node in Browse starts from SITE1, also configure Allowed root items in Browse = SITE1, so that users can see the root node. However, when expanded, only SITE1|PROJ1 data will be visible.

To deny access to only TAGS data, configure Context Access Control as Deny = SITE1|PROJ1|TAGS,SITE2|PROJ2|TAGS. The diagram below represents the data access a user will have in this case.

To provide access to only SITE1|PROJ1 data, but not SITE1|PROJ1|TAGS, configure Context Access Control as Allow = SITE1|PROJ1 and Deny = SITE1|PROJ1|TAGS. The diagram below represents the data access a user will have in this case.
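The rules above can be modelled in a few lines to check a proposed role configuration against the access you expect before applying it. This is an added example, not the product's own code. It assumes that an entry covers the named context and everything below it in the `|` hierarchy, that matching is per segment, that `%` matches any run of characters, and that the 10-item recommendation counts list entries; the function names are hypothetical.

```python
import re

def parse_list(value):
    """Split a comma-separated setting into trimmed, non-empty entries."""
    return [v.strip() for v in value.split(",") if v.strip()]

def covers(entry, context):
    """True if context is the entry itself or lies below it (assumed semantics)."""
    e, c = entry.split("|"), context.split("|")
    return c[:len(e)] == e  # per-segment compare, so SITE1 does not cover SITE10

def can_access(context, allow="", deny=""):
    """Deny takes precedence over Allow; an empty Allow list does not restrict."""
    if any(covers(d, context) for d in parse_list(deny)):
        return False
    allowed = parse_list(allow)
    return not allowed or any(covers(a, context) for a in allowed)

def root_visible(item_id, roots=""):
    """Match a full item ID against 'Allowed root items in Browse' patterns."""
    for pattern in parse_list(roots):
        regex = ".*".join(re.escape(part) for part in pattern.split("%"))
        if re.fullmatch(regex, item_id):
            return True
    return False

def audit(allow="", deny="", expected=None):
    """Return findings where the configuration disagrees with expected access."""
    findings = []
    total = len(parse_list(allow)) + len(parse_list(deny))
    if total > 10:
        findings.append(f"{total} entries in Allow and Deny; 10 or fewer recommended")
    for context, want in (expected or {}).items():
        if can_access(context, allow, deny) != want:
            findings.append(f"{context}: expected {'allow' if want else 'deny'}")
    return findings

if __name__ == "__main__":
    # Constructed expectations for the last example configuration (DOCS is made up).
    expected = {"SITE1|PROJ1|DOCS": True, "SITE1|PROJ1|TAGS": False, "SITE2|PROJ2": False}
    print(audit("SITE1|PROJ1", "SITE1|PROJ1|TAGS", expected) or "configuration matches")
```

With Allow = SITE1|PROJ1 the model reports SITE1 itself as inaccessible, which is the case where Allowed root items in Browse = SITE1 is needed.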
