3.11 Item access control
JP1/Service Support has functionality that controls access to Items. This functionality grants specific users specific access permission on a process work board basis. Because this functionality ensures that only appropriate users can manipulate Items, Items can be managed more safely. You can set access permissions from the Edit permissions window or by using the jssaclimport (import access permission information) command.
The following figure shows an overview of access permission settings.
|
|
![[Figure]](GRAPHICS/ZU021500.GIF)
Access permission can be set on an operation basis, such as Item creation and Item editing. For Item editing, more fine-grain access permission can be set based on the status (for example, Received or Close). Access permission can be set for individual process work boards, but cannot be set for individual Items. However, by enabling the option to set view permissions for individual Items in a process work board, you can designate users as view permission owners for specific Items in that process work board.
When using the Item storage database, stored Items can only be viewed even if an access permission other than view permission is set for the target process work board.
Setting view permission for individual Items
The option to set view permission for individual Items applies at the process work board level. You can assign view permission for individual Items for Items registered in a process work board with this option enabled. For an operation example of a system in which view permissions are set for individual Items, see 1.3.5 Controlling view permissions for individual Items.
- Tip
-
View permissions for individual Items are assigned based on roles. That is, you plan the roles that are to have view permissions for individual Items, and set the roles as view permission owners for individual Items as needed. For details on how to plan access permissions when setting view permissions for individual Items, see 5.2.3(5) Operation example (setting view permissions for individual Items).
When view permissions are set for individual Items in a process work board, you might wish for a particular user to be able to view every Item registered in the process work board. You can achieve this by assigning the work management role (system management role) to the user. The following users can view the Items in a process work board even if they are not Item view permissions owners:
-
Process work board managers
-
Users who belong to the process work board management role (system role)
When using the Item storage database, suppose that you enable view permission for individual Items in a process work board after storing its Items in the Item storage database. In this case, only the above users can view those Items in the Item storage database. If you want the stored Items to be accessible to other users, you need to register the Items again as new Items. When registering the Items again, set the relevant users as view permission owners for the new Items. For details, see 9.13 Setting an environment in which view permissions are set for individual Items. You can streamline the process by creating new Items based on the existing ones. For details, see 3.5.2 Creating Items based on existing Items.
- Organization of this section