Actions and access control

An Access Control hook is used to determine whether a specific user is permitted to execute an action on records of a particular record type. This hook is called before the user tries to execute the action. If the hook prevents the action from running, nothing further is done and no changes are made to the record.

Access to an action for a specific record type can be restricted through HCL Compass Designer by setting the authorization of the Access Control field in the Actions table for that record type.

By default, all users have access to all actions. However, you can restrict access to an action to specific user groups. For example, you can limit the ability to close defects to one specific user group.

Alternatively, access to an action can be restricted by using an access-control hook script. For example, to restrict the ability to edit an Entity (that is, a record), an action access control hook can be written so that EditEntity (or BuildEntity) can be accessed only by users with the appropriate privileges. Or, a hook could restrict access to the action Open for Development to the owner of the record.
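The owner-only restriction described above could look like the following Perl hook, which denies by default and allows the action only when the caller matches the record's owner. This is an added example, not code from the product documentation; the record type name `Defect`, the field name `Owner`, the action type value `0`, the hook's argument order and the `Fake*` stand-in packages are assumptions, constructed so the hook body can run outside Compass.

```perl
use strict;
use warnings;

# In the product the hook runtime supplies $entity; here the constructed
# stand-in at the bottom sets it (assumption for this example).
our $entity;

# Access-control hook for an assumed record type "Defect".
# Returns 1 to allow the action, 0 to deny it.
sub Defect_AccessControl {
    my ($actionname, $actiontype, $username) = @_;
    my $result = 0;    # default deny: every failure path leaves this at 0

    # Read the assumed "Owner" field; eval traps a missing field or
    # runtime error so that a failed lookup denies instead of aborting.
    my $owner = eval { $entity->GetFieldValue("Owner")->GetValue() };

    # An empty or undefined owner never matches, so an unowned record
    # is not opened up to a caller with an empty user name.
    if (defined $owner && length $owner
        && defined $username && $owner eq $username) {
        $result = 1;
    }
    return $result;
}

# --- Constructed stand-ins, not product classes ---
package FakeField {
    sub new      { bless { v => $_[1] }, $_[0] }
    sub GetValue { $_[0]{v} }
}
package FakeEntity {
    sub new           { my ($c, %f) = @_; bless { f => {%f} }, $c }
    sub GetFieldValue { FakeField->new($_[0]{f}{$_[1]}) }
}
package main;

# Constructed cases: owner matches, owner differs, record has no owner.
for my $case (["pat", "pat"], ["pat", "lee"], ["", "lee"]) {
    my ($owner, $user) = @$case;
    $entity = FakeEntity->new(Owner => $owner);
    printf "owner='%s' user='%s' allowed=%d\n", $owner, $user,
        Defect_AccessControl("Open_for_Development", 0, $user);
}
```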

Hooks always run with SuperUser privileges and are therefore not subject to the usual access control or field behavior restrictions. For example, a hook could modify a field that is normally read-only. However, a hook cannot modify HCL Compass system fields, such as the History field.

When a hook executes, required fields remain required, although a hook can dynamically change a required field so that it is no longer required, or can change a nonrequired field to required.

A hook does not change field validation rules, so data must still comply with those rules.