The following applies if you are using a version of the software before Update 10. For the latest information, see Create a security rule.
Before Update 10, security rules must be created in the Desktop Client:
-
In the Desktop Client, click File > New > Administration > Security Rule.
-
Type the name and description for the new security rule.
-
In the Security Rule definition box, type the syntax to describe the condition that the object must meet for the methods related to the access group to appear. Example: obj->SPFCXmtlExternalCompany_12.Name=ENV.USERORGANIZATIONNAME.
The security rule syntax is the same as that used to create conditions, except that the security rules do not support keywords like ‘NOT’, 'OBJ1', 'OBJ2', or function keywords like ‘ISSET’, ‘ISSETB’, and so on. For more information about creating conditions, see Configure conditions.
-
Find and select one or more class definitions from the Class Definition list to associate with the security rule.
-
Find and select one or more access groups from the Access Group list to associate with the security rule.
-
Find and select one or more edge definitions to expand and apply the security rule.
-
Find and select one or more relationship definitions to expand from End1 to End2 and apply the security rule.
-
Find and select one or more relationship definitions to expand from End2 to End1 and apply the security rule.
For example, the following security rule definition has a relationship definition expansion:
Obj->SDAItemSecurityCode_12.Name = Env.SecurityCodesForUserInQueryConfig Or obj.objdefuid = ‘SDAArea’
This security rule definition ensures that the results either match the security code or are in an SDAArea, which may not have a security code.