Access Control File Code Block

The following code block displays all of the possible tags that you can use in an access control file in the access {} tag.

NOTES:

  • You can use only one if tag per parent tag. Multiple if tags are listed here for completeness and ease of use for copy and paste.
  • For <value list> values, list each value as a separate string. For example:
    values "first value" "second value" "third value"
access {
    inherit-from-parent-folder
}

NOTE: The inherit-from-parent-folder tag cannot be used at the project root level as there is no parent folder to inherit from.

file-access {
    allow-read {
      if-group <group>
      if-property <property> <value list>
      if-user <user>
  }
    allow-write{
      if-group <group>
      if-property <property> <value list>
      if-user <user>
  }
}

cbase-access {
    restrict-columns <columns> 
    allow-columns <columns> {
      if-group <group>
      if-property <property> <value list>
      if-user <user>
    }
    allow-all-rows { 
      if-group <group>
      if-property <property> <value list>
      if-user <user>
    }
    limit-rows-by-filter {
      filter <expression>
      if-group <group>
      if-property <property> <value list>
      if-user <user>
    }
    limit-rows-by-property {
      column <column>
      property <property>
      if-group <group>
      if-property <property> <value list>
      if-user <user>
    }
    limit-rows-by-username-column {
      column <column>
      if-group <group>
      if-property <property> <value list>
      if-user <user>
    }
    limit-rows-by-values {
      column <column>
      values <values>
      if-group <group>
      if-property <property> <value list>
      if-user <user>
    }
}

divetab-access {
    restrict-areas <id> <id> <id>
    allow-area <id> {
      if-group <group>
      if-property <property> <value list>
      if-user <user>
    }
}

model-access {
  restrict-columns <columns> 
  allow-columns <columns> {
    if-group <group>
    if-property <property> <value list>
    if-user <user>
  }
  limit-dimension {
    dimension <dimension>
    values <value list>
    if-group <group>
    if-property <property> <value list>
    if-user <user>
  }

  limit-dimension-by-property {
    dimension <dimension>
    property <property>
    if-group <group>
    if-property <property> <value list>
    if-user <user>
  }
  limit-dimension-by-username {
    dimension <dimension>
    if-group <group>
    if-property <property> <value list>
    if-user <user>
  }
  limit-dimension-by-groups {
    dimension <dimension>
    if-group <group>
    if-property <property> <value list>
    if-user <user>
  }

NOTE: The delete-columns tag is deprecated; use the new restrict-columns and allow-columns tags instead. The delete-columns syntax still works and is available for migration situations. Workbench will suggest updating the model access when it detects the deprecated tags in use, or discrepancies between the client and server versions. If you attempt to mix the old and new tags, the DiveLine server denys access to the model. 

  delete-columns <column list> {
    if-group <group>
    if-property <property> <value list>
    if-user <user>
  }

audit-rules {
  audit {
      trigger <dimension>
      trigger <dimension>
      column <log column>
      column <log column>
      if-group <group>
      if-property <property> <value list>
      if-user <user>
  }
}
project-access {
  allow-user <user>
  allow-user <user>
  allow-group <group>
}
project-access {
  allow-all-users
}

See also: