Permissions
The configuration of permissions is available from the Administration screen. A section named Permissions gives access to Users and Roles, Access rights on the different Data categories and Access rules.
Users
The Users menu displays your organization team members who have access to TIBCO Cloud™ Metadata. Information related to the contact, avatar and roles can be edited. First name, last name, email address and built-in roles are coming from the configuration of your subscription to TIBCO CIC and cannot be edited from here.
Roles
A list of roles has been predefined but none is mandatory for the operation. The predefined roles can be modified or deleted. You can also create your own roles with no limit in number. These roles can then be given to users either from the role’s details or from the user’s details.
Access rights
Default access rights are set on every data entity of every category according to what each role is expected to do. This is a default configuration that can be easily changed by accessing the categories under the Access right menu. By defining access rights, we specify for every element that can be an entity, one of its fields or a set of those, if it is displayed and if so, if it is editable for a given user’s role. Access rights are also applicable to operations such as the creation of new records and services such as the import and export of files.
Access rules
When access rights are involving user roles and data structure, access rules are restricting them according to data values. They can be applied either to the occurrences of an entity or to a field. If the field is left undefined, the access rule will determine the access to every occurrence. The example below is ruling the access to occurrences of the Application: All applications containing the word ‘Secret’ in their label will be hidden to business users. The condition is expressed as an XPath predicate starting at the root of the entity where every field must be seen as a step in the path. The supported XPath syntax is documented here.