security or visibility

Hello experts, how do I ensure that a user role isn't allowed to see an attribute on a page, as a best practice? Is it by creating a user role and giving it nothing, or by visibility on the page, or by security on the domain model? And if the answer is in the domain model, is it by XPath constraint or by choosing access rights as below?
2 answers

Is the user allowed to read/write everything in that entity, except one attribute? If so, give the user access to the entity and read/write access to all attributes in that entity, except the one he isn't allowed to read/write. If the user is not allowed to read/write anything in that entity, don't give the user access to that entity at all. I hope this answer helps you.


Hi Deena,


To build off of what Christine has said, the most secure way to ensure your data model is only viewed or changed by users with the proper permissions is through entity level access rules in the domain model.

The Read and Write access drop-downs in the access rule editor are sufficient if you wish to limit data permissions based upon User Roles. If your security requirements are more specific than User Role, for instance security at a company or owner level, then you would need to use an XPath constraint in the access rule.

Hope this helps