Part 2: Create the Rules
This example requires you to create three rules—all on the SJob object.
Important: If you use this example as a template for a rule in your own system, it is imperative that you create the three rules in the same order shown here. The order is crucial.
- In the Tree View, click on the name of the role you are adding.
- To add a rule, view the Role, then click on the Rules tab.
The system displays the Security Rules page for the role, as shown in Figure 2-57:
Figure 2-57: Beginning a new rule for the new role
- To add a rule, click on the yellow star button to add a new item, as shown in Figure 2-58:
Figure 2-58: Click the yellow star (new item) button
The sections that follow explain the setup for three rules used to attain the end result.
1st Rule: Allow Role to Read “Request” Jobs
The first rule is an ALLOW rule on SJob for jobs in a “Request” state:
Figure 2-59: 1st new rule: Rule Setup sub-page
- Fill out the fields on the Rule Setup page. Be sure to enter a description similar to the one in Figure 2-59 above to inform future users of what the rule accomplishes.
- [Optional] Press F11 to save the settings.
It is never a bad idea to save your modifications as you go through each tabbed sub-page.
- Click on the Record Rights sub-tab:
Figure 2-60: 1st new rule: Record Rights sub-page
- Ensure the check box is checked.
- Enter the following SQL in the text field:
state = 'Request'
- Click on the Field Rights sub-tab:
Figure 2-61: 1st new rule: Field Rights sub-page
You want all the fields to be viewable, just so that any user assigned to this role can see everything.
- Click the Mark All button to the right of the Allow viewing fields column to select all the available fields.
Make sure to check the button that is on the left side of the screen, as the other side allows the user to have complete access to the records.
- Click on the Function Rights sub-tab.
This sub-page controls the actions done to the allowed records controlled by this rule. You want to allow the user to only view jobs in the request state.
- Put a check in the Read check box only.
- Press F11 to save the rule.
2nd Rule: Deny Role from Updating “Request” Jobs
The second rule is a DENY rule on SJob to prevent updating a “Request” job:
Figure 2-62: 2nd new rule: Rule Setup sub-page
- Fill out the fields on the Rule Setup page. Be sure to enter a description similar to the one in Figure 2-62 above to inform future users of what the rule accomplishes.
- [Optional] Press F11 to save the settings.
- Click on the Record Rights sub-tab:
Figure 2-63: 2nd new rule: Record Rights sub-page
- Ensure the check box is checked.
- Enter the following SQL in the text field:
state = 'Request'
- Click on the Field Rights sub-tab:
Figure 2-64: 2nd new rule: Field Rights sub-page
You want all the fields to be marked as “deny changing,” just so that any user assigned to this role can see everything—but not modify the values.
- Click the Mark All button to the right of the Deny changing fields column to select all the available fields.
Be sure to check the button that is on the left side of the screen, as the other side gives the user zero access to any of the records.
- Click on the Function Rights sub-tab:
Figure 2-65: 2nd new rule: Function Rights sub-page
The settings on this sub-tab will control the actions done to the allowed records controlled by this rule.
- Press F11 to save the rule.
3rd Rule: Allow Role to Run, Delete, Update Jobs Other Than “Request”
The third rule is an ALLOW rule on SJob to run, delete, and update jobs other than a “Request” job:
Figure 2-66: 3rd new rule: Rule Setup sub-page
- Fill out the fields on the Rule Setup page. Be sure to enter a description similar to the one in Figure 2-66 above to inform future users of what the rule accomplishes.
- [Optional] Press F11 to save the settings.
- Click on the Record Rights sub-tab:
Figure 2-67: 3rd new rule: Record Rights sub-page
- Ensure the check box is checked.
- Enter the following SQL in the text field:
state <> 'Request'
- You do not need to do anything on Field Rights as you are granting all access to the jobs.
Basically, this is the rule that tells the system that the role can submit and run jobs. You only need to define Rule Setup & Record Rights and can leave the other tabs empty.
- Press F11 to save the rule.
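The Record Rights predicates of the three rules can be checked against sample data before they are entered. The following is an added example, not part of the original guide or the product: it assumes a hypothetical sjob table with a state column and constructed sample rows, takes the rule 3 predicate as state <> 'Request' from that rule's heading, and uses SQLite to show which jobs each predicate selects and which jobs match no rule at all.

```python
import sqlite3

# Record Rights predicates. Rules 1 and 2 use the SQL from the page; the
# rule 3 predicate is an assumption derived from that rule's heading
# ("jobs other than Request").
PREDICATES = {
    "rule1_allow_read": "state = 'Request'",
    "rule2_deny_update": "state = 'Request'",
    "rule3_allow_all": "state <> 'Request'",
}

# Constructed sample rows; the table and column layout are hypothetical.
SAMPLE_JOBS = [
    (1, "Request"),
    (2, "Running"),
    (3, "Complete"),
    (4, None),       # job whose state was never set
    (5, "request"),  # same word, different case
]


def rule_coverage(jobs=SAMPLE_JOBS):
    """Return {job_id: [names of the rules whose predicate matches]}."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sjob (id INTEGER PRIMARY KEY, state TEXT)")
    db.executemany("INSERT INTO sjob VALUES (?, ?)", jobs)
    coverage = {job_id: [] for job_id, _ in jobs}
    for name, predicate in PREDICATES.items():
        # Predicates are the fixed strings defined above, not user input.
        for (job_id,) in db.execute(f"SELECT id FROM sjob WHERE {predicate}"):
            coverage[job_id].append(name)
    db.close()
    return coverage


def uncovered(coverage):
    """Jobs matched by no rule: NULL compares as unknown under = and <>."""
    return sorted(job_id for job_id, rules in coverage.items() if not rules)


if __name__ == "__main__":
    result = rule_coverage()
    for job_id, rules in sorted(result.items()):
        print(job_id, rules or "NO RULE MATCHES")
    print("uncovered:", uncovered(result))
```

A job with a NULL state matches none of the three predicates, and under SQLite's case-sensitive comparison the job with state 'request' falls under rule 3. How differently cased values compare in your own database depends on its collation.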