Restricting Data Access: Understanding Permissions

    Introduction:

    This document describes how to implement user-based asset visibility controls in ReadyWorks by creating security groups that restrict user access to specific assets and data within the platform. The feature is particularly useful for organizations that need granular access controls based on user roles or departments, for example limiting users to viewing only the assets that are relevant to their role and/or organization within the company.

     

    Key Features:

    1. Security Group Creation: Ability to create and configure security groups with specific asset and user visibility settings.
    2. User-Asset Association: Capability to associate users with specific assets or asset groups using lookup fields like "owner" or "user".
    3. Multi-level Lookup Filtering: Support for filtering assets based on lookup fields, including nested lookups up to three levels deep.
    4. Granular Permissions: Ability to set view, update, and edit controls on assets based on user group membership.
    5. Cross-Asset Type Filtering: Functionality to filter visibility across different asset types based on common lookup fields.

     

    Implementation Steps:

    1. Create or identify the target security group.
    2. Add relevant asset types to the security group:
      • Navigate to the security group settings.
      • Under "Assets", add the desired asset types (e.g., "test asset", "user").
      • Set the permission level (e.g., "view") for each asset type.
    3. Configure object-level permissions:
      • Click on the added asset type (e.g., "User").
      • Click the plus sign to add a new object-level permission.
      • Choose the relevant lookup field (e.g., "owner" or "user").
      • Update the security group settings.
    4. Create test assets with different owners/users to verify the configuration.
    5. Create a test user account to validate the security group settings:
      • Ensure the test user is part of the configured security group.
      • Log in as the test user to verify asset visibility.
    6. Add additional lookup fields as needed to refine access controls.
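
    The check in steps 4 and 5 is easier to judge against a written-down expected result. The Python below is an added example, not ReadyWorks code or part of the original article: it models lookup-based filtering (including a three-level nested lookup) over constructed test assets and compares the expected set with what the test login actually showed. The "application" and "license" asset types, the "device" and "application" lookup fields, the dotted-path rule notation and the rule that a path must resolve to the logged-in user are assumptions made for illustration.

```python
# Added example: a model for checking test results, not ReadyWorks code.
MAX_LOOKUP_DEPTH = 3  # the article states nested lookups go up to three levels deep

# Constructed test data (step 4): asset id -> fields. Lookup values are ids.
ASSETS = {
    "laptop-1": {"type": "test asset", "owner": "alice"},
    "laptop-2": {"type": "test asset", "owner": "bob"},
    "app-1": {"type": "application", "device": "laptop-1"},
    "license-1": {"type": "license", "application": "app-1"},
    "license-2": {"type": "license", "application": None},
}

# Hypothetical notation for the object-level permission chosen per asset type:
# a dotted path of lookup fields that must end at the logged-in user.
RULES = {
    "test asset": "owner",
    "application": "device.owner",
    "license": "application.device.owner",
}

def resolve(asset_id, path, assets=ASSETS):
    """Follow a lookup path from one asset; return the final value or None."""
    fields = path.split(".")
    if len(fields) > MAX_LOOKUP_DEPTH:
        raise ValueError(f"{path!r} exceeds {MAX_LOOKUP_DEPTH} lookup levels")
    value = asset_id
    for field in fields:
        record = assets.get(value)
        if record is None:  # broken or empty link: nothing to match
            return None
        value = record.get(field)
    return value

def expected_visible(user, rules=RULES, assets=ASSETS):
    """Assets the user should see if each rule filters on the resolved user."""
    return {aid for aid, rec in assets.items()
            if rec["type"] in rules
            and resolve(aid, rules[rec["type"]], assets) == user}

def compare(user, observed, rules=RULES, assets=ASSETS):
    """Split the test login's results into over-exposure and missing assets."""
    expected = expected_visible(user, rules, assets)
    return {"unexpected": sorted(set(observed) - expected),
            "missing": sorted(expected - set(observed))}
```

    A non-empty "unexpected" list corresponds to the unexpected-visibility case under Troubleshooting Tips, and a non-empty "missing" list to the case where users cannot see assets they should.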

     

    Best Practices:

    1. Start with a test environment or create test asset types before implementing in production.
    2. Use descriptive names for security groups to easily identify their purpose.
    3. Apply the principle of least privilege: restrict access by default, then grant additional permissions as needed.
    4. Regularly review and audit security group configurations to ensure they align with organizational needs.
    5. Document all security group configurations and the rationale behind each setting for future reference.
    6. When dealing with complex nested lookups, map out the relationships before implementation to avoid unintended access issues.

     

    Troubleshooting Tips:

    1. If users can't see any assets after configuring a security group:
      • Verify that all necessary lookup fields have been added to the security group configuration.
      • Ensure the user is correctly assigned to the security group.
      • Check if the assets have the correct owner/user information set.
    2. For unexpected asset visibility:
      • Review the security group settings to ensure all relevant asset types and lookup fields are correctly configured.
      • Verify that the asset ownership or user assignment is correct.
    3. If changes to security group settings don't seem to take effect:
      • Have the user log out and log back in to refresh their session.
      • Clear browser cache or try accessing from a different browser or incognito mode.
    4. When dealing with multi-select lookup fields:
      • Be aware that the current implementation treats multiple selections as an "AND" condition, not an "OR" condition.
      • Configure security groups accordingly, potentially creating separate groups for different combinations if needed.
    5. For issues with report visibility:
      • Note that report permissions are separate from asset permissions and may need to be configured independently.
      • Ensure that users have the necessary permissions to access both the report and the underlying asset data.

     

    Additional Insights:

    • The security model in ReadyWorks is highly flexible but can become complex when dealing with multiple nested lookups or cross-asset type relationships.
    • Consider the impact on performance when implementing extensive lookup-based filtering, especially in environments with large numbers of assets or users.
    • Regular testing and validation of security group configurations is crucial, especially after system updates or changes to asset structures.
    • For multigroup deployments, consider developing a standardized approach to security group creation and management to ensure consistency across the organization.

     

    This documentation provides a foundation for implementing and managing user-based asset visibility controls in ReadyWorks. As with any enterprise software platform, it's recommended to work closely with ReadyWorks Priority Customer Support and always conduct thorough testing in a suitable environment before implementing these controls in production.
