Access Control File Code Block
The following code block displays all of the possible tags that you can use in an access control file in the access {} tag.
NOTES:
- You can use only one if tag per parent tag. Multiple if tags are listed here for completeness and ease of use for copy and paste.
- For <value list> values, list each value as a separate string. For example:
values "first value" "second value" "third value"
Access
access {
inherit-from-parent-folder
}
NOTE: The inherit-from-parent-folder tag cannot be used at the project root level as there is no parent folder to inherit from.
File Access
file-access { allow-read { if-group <group> if-property <property> <value list> if-user <user> } allow-write{
if-group <group> if-property <property> <value list> if-user <user> } }
cBase Access
cbase-access {
restrict-columns <columns>
allow-columns <columns> {
if-group <group> if-property <property> <value list> if-user <user> }
allow-all-rows { if-group <group> if-property <property> <value list> if-user <user> } limit-rows-by-filter { filter <expression> if-group <group> if-property <property> <value list> if-user <user> } limit-rows-by-property { column <column> property <property> if-group <group> if-property <property> <value list> if-user <user> } limit-rows-by-username-column { column <column> if-group <group> if-property <property> <value list> if-user <user> } limit-rows-by-values { column <column> values <values> if-group <group> if-property <property> <value list> if-user <user> } }
DiveTab Access
divetab-access { restrict-areas <id> <id> <id> allow-area <id> {
if-group <group> if-property <property> <value list> if-user <user>
}
}
Model Access
model-access {
restrict-columns <columns>
allow-columns <columns> {
if-group <group> if-property <property> <value list> if-user <user> }
limit-dimension { dimension <dimension> values <value list>
if-group <group> if-property <property> <value list>
if-user <user> }
limit-dimension-by-property { dimension <dimension> property <property> if-group <group> if-property <property> <value list>
if-user <user> }
limit-dimension-by-username { dimension <dimension> if-group <group> if-property <property> <value list>
if-user <user> }
limit-dimension-by-groups { dimension <dimension> if-group <group> if-property <property> <value list>
if-user <user> }
NOTE: The delete-columns tag is deprecated; use the new restrict-columns and allow-columns tags instead. The delete-columns syntax still works and is available for migration situations. Workbench will suggest updating the model access when it detects the deprecated tags in use, or discrepancies between the client and server versions. If you attempt to mix the old and new tags, the DiveLine server denys access to the model.
delete-columns <column list> { if-group <group> if-property <property> <value list>
if-user <user> }
Audit Rules
audit-rules { audit { trigger <dimension> trigger <dimension> column <log column> column <log column> if-group <group> if-property <property> <value list> if-user <user> }
}
Project Access
project-access { allow-user <user> allow-user <user> allow-group <group> }
project-access { allow-all-users }
See also:
- About Access Control
- Access Control File Samples
- Access Control Model Sample
- Access Control File Tags
- Audit Logging
- Properties Overview