Hiding records
This topic explains how to hide HCL Compass records.
The security features available in HCL Compass software restrict user access to records in a database based on membership to user groups. Records are hidden by placing a security context field in the record type of the records to which you want to restrict access. The security context field references a security context record, which contains data that determines which users can see or change the record.
For example, to control which customers are allowed to see defects, you might place a customer_defects field in the Defects record type and reference this field to the Customer record type. You might then assign user groups to each customer record, which grants these groups privileges to see defect records that refer to the customer record. Only users who are in the group list of the security context record can see the controlled record.
Hiding records involves these tasks:
- Choosing the record types to control
- Creating user groups according to security context
- Choosing the record type to use as the security context
- Creating a security context field
- Submitting security context records
- Editing records to allow user access
By default, after implementing the security context, users with no specified user privilege do not see any records, and any record that does not have a value set for its security context field is not visible to any users. You can enable all users to see all records by selecting the Everyone group (or other defined group that includes all users) as the security context group.
Any record type that a user cannot submit does not appear in the record list when that user clicks ; users see a restricted list of record types instead of all record types in the schema. By default, users see all record types but receive an error when they attempt to submit a record type for which they do not have authorization. For more information, see the CanSubmit and GetEntityDefNamesForSubmit methods and the Actions and access control topics in API Reference pages.
Choosing the record types to control
Select a record type to use as the controlled record type. The controlled record type is the record type you want to hide or restrict access to. For example, to restrict access to defects in your HCL Compass environment, you use the Defect record as the controlled record type.
Creating user groups according to security context
Create new user groups or organize existing user groups for the security context that you want to use. Create user groups that align with your user access privileges. Then, assign users to the groups.
For example, to base security access on specific customers, you might create customer groups, one for each type of access permission. You can use existing groups or create new groups.
If you add more than one security context field to a record type, a user will be able to see records of that type if they are a member of any of the user groups on any of the referenced security context records.
Choosing the record type to use as the security context
Choose the record type to use as the security context. The security context record type is the record type referenced by the security context field. It contains user group information.
The security context record can be state-based or stateless. It can be a record that you create for this purpose or it can be an existing record, for example, the Project or Customers record types.
You cannot use a security context field to reference any system record types, such as history, users, groups, attachments, and so on.
For example, if you organize user groups by customer, you might use a Customer record type as the security context record. When a defect is associated with or references a particular customer record, only those users in the security context group list of that customer can see the record.
Creating a security context field
The security context field is a Reference type field in the controlled record that references the security context record type. You can create a field to use as the security context field or use an existing field. You can add more than one security context field. The security context field must be a Reference field type.
Create a security context field of the Reference type in the controlled record type and reference this field to your security context record type. You can use an existing Reference type field or create a field. Add the security context field to the forms of the controlled record type.
When you reference the security context record type, you also enable security by selecting the Security Context check box for the field. This setting creates a tab labeled Ratl_Security in the forms of the referenced record type. The Ratl_Security tab contains a list control for Context Groups.
For example, create a reference type field called customer_defects in the Defect record type and reference this field to the Customer record type. A Ratl_Security tab is added to the Customer record type forms.
Submitting security context records
Submit records for each security context. If your security context is Customer, you must submit a record for each customer.
For each record that you submit, use the Ratl_Security tab to designate the user groups that can access the customer record by adding the group to the Context Groups list.
Editing records to allow user access
Edit your existing controlled records (for example, Defects) and set the security context field by selecting the applicable security context record, in this case the Customer record.