These rules allow you to specify access to each row and field. These rules can be defined on the
Evaluation
When evaluating the access right to a row or field, an access control list is created from all the rules on the entity (entity-level and field-level combined) and ordered by priority, ascending.
The rules are then evaluated in that order and the first satisfying rule is applied. This works similarly to network router ACLs, for those familiar with them.
Example
The following rules are defined on the entity level:
Priority | Name | Role | Rule |
---|---|---|---|
10 | Deny_Update_ABCD | ABCD | - |
999 | Allow_* | * | - |
If the user has the application role ABCD assigned, the first rule evaluates as satisfying and is applied, making the row read only.
If the user does not have the application role ABCD assigned, the first rule is skipped and the next rule is evaluated. As it does not have any role or rules set, it evaluates to true and everything is allowed.
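
The first-match evaluation described above, sketched in Python as an added example (not the product's own code). The `Rule` class, the matching on `operation` and `field`, the deny result when no rule matches, and the field-level rule `Deny_Update_Salary_Locked` are assumptions made for illustration; only the two entity-level rules come from the table.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    allow: bool                          # True = allow, False = deny
    operation: str = "*"                 # "*" = every operation (assumption)
    role: str = "*"                      # "*" = any role
    condition: Optional[Callable[[dict], bool]] = None  # None = "-" in the table
    field: Optional[str] = None          # None = entity-level rule

    def satisfied(self, roles, row, operation, field):
        if self.field is not None and self.field != field:
            return False                 # field-level rule for a different field
        if self.operation not in ("*", operation):
            return False
        if self.role != "*" and self.role not in roles:
            return False
        return self.condition is None or self.condition(row)

def evaluate(entity_rules, field_rules, roles, row, operation, field=None):
    """Return the first satisfying rule, or None if no rule matches."""
    # Entity- and field-level rules share one list, ordered by priority ascending.
    acl = sorted([*entity_rules, *field_rules], key=lambda r: r.priority)
    return next((r for r in acl if r.satisfied(roles, row, operation, field)), None)

# The two entity-level rules from the table, deliberately listed out of order.
ENTITY_RULES = [
    Rule(999, "Allow_*", allow=True),
    Rule(10, "Deny_Update_ABCD", allow=False, operation="update", role="ABCD"),
]
# Constructed field-level rule (not from the page): locked rows keep their Salary.
FIELD_RULES = [
    Rule(5, "Deny_Update_Salary_Locked", allow=False, operation="update",
         field="Salary", condition=lambda row: row.get("Locked", False)),
]

def decide(roles, row, operation, field=None):
    rule = evaluate(ENTITY_RULES, FIELD_RULES, roles, row, operation, field)
    # Assumption: deny when nothing matches (the page does not state the default).
    return (rule.name, rule.allow) if rule else (None, False)

if __name__ == "__main__":
    print(decide({"ABCD"}, {"Locked": False}, "update"))
    print(decide({"ABCD"}, {"Locked": False}, "read"))
    print(decide({"XYZ"}, {"Locked": True}, "update", field="Salary"))
```

Because the catch-all sits at priority 999, any more specific rule must use a lower number to be reached; a specific rule placed after it is never evaluated.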