syst_perms


Description

Defines the available system and application permissions which can be assigned to users.

The Permission is divided into the following concepts:

  1. The Permission record itself defines a subject for which application security and control concerns exist.

  2. Each Permission is made up of standard Rights. These Rights are:

    • View - the ability to view data.

    • Maintenance - the ability to change or process existing data.

    • Administration - the ability to create or destroy data.

    • Operations - the ability to perform certain operations or processes.

  3. The Right for each Permission is assigned a Scope of applicability which can limit or extend the grant of a Right. Each Right of the Permission may define which Scopes it supports out of the following possibilities:

    • Unused - The Right does not exist in any meaningful way for the Permission.

    • Deny - The Right is not granted by the Permission grant; this is typically used in cases where other Rights may be granted, for example permitting a user to see a value (View Right), but not to Maintain or perform data Admin tasks (Maint & Admin Rights).

    • Same User - The Right grant is limited in Scope to those records which are in some way designated as belonging to the specific user exercising the Right. Ownership designation will be defined by those functions where a Permission is checked.

    • Same Group - The Right grant is limited in Scope to those records which are in some way designated as belonging to a specific group or groups and to which the user belongs in some way. Ownership designation will be defined by those functions where a Permission is checked.

    • All - The Right grant is not limited in Scope and all records which are subject to the Permission are available to the user.

Permissions are assigned to Permission Roles which are in turn granted to individual users. If a Permission is not assigned to a Permission Role, then the assumption is that the Permission Role’s users are denied all rights granted by the unassigned Permission.

Some Permissions may be dependent on the grants of other more fundamental Permissions. For example, a user may be granted only View Rights to the sales order form, but also granted Maintenance Rights to sales pricing data. In such a case the sales order Rights would dictate that the user does not have the ability to maintain sales pricing in the sales order context.

Specific details of applicability and the determination of Scope boundaries will vary by each specific scenario. Consult individual Permission documentation for specific understanding of how determinations of access are made.
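The Right and Scope model described above, as an added example (not this project's own code) that evaluates one Permission Role's grants against a record and denies by default. The Scope spellings other than 'unused', the owner/group fields on a record, and the dictionary shape of the role's grants are assumptions made for illustration.

```python
from dataclasses import dataclass

RIGHTS = ("view", "maint", "admin", "ops")

@dataclass
class Permission:
    internal_name: str
    scope_options: dict   # Right -> Scopes offered; mirrors the *_scope_options columns

@dataclass
class Record:
    owner: str            # assumed ownership designation for Same User
    groups: frozenset     # assumed ownership designation for Same Group

def validate_grant(perm, grant):
    """Return the Rights whose granted Scope the Permission does not offer."""
    return [r for r in RIGHTS if grant.get(r) not in perm.scope_options[r]]

def is_allowed(role_grants, perm, right, user, user_groups, record):
    grant = role_grants.get(perm.internal_name)
    if grant is None:
        return False      # Permission not assigned to the role: all Rights denied
    scope = grant.get(right)
    if scope not in perm.scope_options[right]:
        return False      # fail closed on a Scope the Permission does not support
    if scope == "all":
        return True
    if scope == "same_user":
        return record.owner == user
    if scope == "same_group":
        return bool(record.groups & frozenset(user_groups))
    return False          # 'unused' and 'deny' grant nothing

# Constructed sample data: names and values are illustrative only.
SALES_ORDER = Permission("sales_order", {
    "view": ["deny", "same_user", "same_group", "all"],
    "maint": ["deny", "same_user", "all"],
    "admin": ["deny", "all"],
    "ops": ["unused"],
})
ROLE_GRANTS = {"sales_order": {"view": "same_group", "maint": "same_user",
                               "admin": "deny", "ops": "unused"}}
BOBS_ORDER = Record(owner="bob", groups=frozenset({"east"}))

if __name__ == "__main__":
    for right in RIGHTS:
        print(right, is_allowed(ROLE_GRANTS, SALES_ORDER, right,
                                "alice", {"east"}, BOBS_ORDER))
```

Running validate_grant when a role grant is saved catches a Scope the Permission never offered before it reaches an access check; is_allowed still refuses such a grant at check time.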

User Defined Record Supported Operations

  • INSERT
  • SELECT
  • UPDATE
  • DELETE

System Defined Record Supported Operations

  • SELECT
  • UPDATE - See column comments for applicable restrictions.

Columns

Column Type Size Nulls Auto Default Children Parents Comments
id uuid 2147483647 null

The record’s primary key. The definitive identifier of the record in the system.

General Usage

This column is system maintained and should be considered read only in normal operations.

Data Requirements

  • Required?: false
  • Unique Values Required?: true
  • Default Value: Automatically Generated

User Defined Record Supported Operations

  • SELECT

System Defined Record Supported Operations

  • SELECT
internal_name text 2147483647 null

A candidate key useful for programmatic references to individual records.

General Usage

This column is system maintained and should be considered read only in normal operations.

Data Requirements

  • Required?: true
  • Unique Values Required?: true
  • Default Value: ( No Default Value )

User Defined Record Supported Operations

  • INSERT
  • SELECT
  • UPDATE

System Defined Record Supported Operations

  • SELECT
display_name text 2147483647 null

A friendly name and candidate key for the record, suitable for use in user interactions.

General Usage

This column is system maintained and should be considered read only in normal operations.

Data Requirements

  • Required?: true
  • Unique Values Required?: true
  • Default Value: ( No Default Value )

User Defined Record Supported Operations

  • INSERT
  • SELECT
  • UPDATE

System Defined Record Supported Operations

  • SELECT
  • UPDATE - Only user maintainable records.
perm_functional_type_id uuid 2147483647 null

Assigns the Permission to a specific Permission Functional Type.

General Usage

Permissions may only be granted in Permission Roles of the same Permission Functional Type.

Data Requirements

  • Required?: true
  • Unique Values Required?: false
  • Default Value: ( No Default Value )

User Defined Record Supported Operations

  • INSERT
  • SELECT

System Defined Record Supported Operations

  • SELECT
syst_defined bool 1 null

Values of TRUE in this column indicate that the record is considered a “System Defined” record, a record which is created and primarily maintained by the system using automated processes. A value of FALSE indicates that the record is considered a “User Defined” record which is maintained by user actions in the application.

General Usage

This column is system maintained and should be considered read only in normal operations.

Data Requirements

  • Required?: false
  • Unique Values Required?: false
  • Default Value: FALSE

User Defined Record Supported Operations

  • SELECT

System Defined Record Supported Operations

  • SELECT
syst_description text 2147483647 null

A system defined description indicating the purpose and use cases of a given record. Text defined in this column is system maintained and should not be changed under normal circumstances.

General Usage

This column is system maintained and should be considered read only in normal operations.

Data Requirements

  • Required?: false
  • Unique Values Required?: false
  • Default Value: ( No Default Value )

User Defined Record Supported Operations

  • SELECT

System Defined Record Supported Operations

  • SELECT
user_description text 2147483647 null

An optional user defined description of the record and its use cases. If this value is not NULL, the value will override any syst_description defined text in application user interfaces and other presentations.

Data Requirements

  • Required?: false
  • Unique Values Required?: false
  • Default Value: ( No Default Value )

User Defined Record Supported Operations

  • INSERT
  • SELECT
  • UPDATE

System Defined Record Supported Operations

  • SELECT
  • UPDATE - Always updatable, even when not otherwise user maintainable.
view_scope_options _text 2147483647 null

If applicable, enumerates the available Scopes of viewable data offered by the permission.

General Usage

If not applicable the only option will be ‘unused’.

Data Requirements

  • Required?: true
  • Unique Values Required?: false
  • Default Value: ( No Default Value )

User Defined Record Supported Operations

  • INSERT
  • SELECT
  • UPDATE

System Defined Record Supported Operations

  • SELECT
maint_scope_options _text 2147483647 null

If applicable, enumerates the available Scopes of maintainable data offered by the permission. Maintenance in this context refers to changing existing data.

General Usage

If not applicable the only option will be ‘unused’.

Data Requirements

  • Required?: true
  • Unique Values Required?: false
  • Default Value: ( No Default Value )

User Defined Record Supported Operations

  • INSERT
  • SELECT
  • UPDATE

System Defined Record Supported Operations

  • SELECT
admin_scope_options _text 2147483647 null

If applicable, enumerates the available Scopes of data administration offered by the permission. Administration in this context refers to creating or deleting records.

General Usage

If not applicable the only option will be ‘unused’.

Data Requirements

  • Required?: true
  • Unique Values Required?: false
  • Default Value: ( No Default Value )

User Defined Record Supported Operations

  • INSERT
  • SELECT
  • UPDATE

System Defined Record Supported Operations

  • SELECT
ops_scope_options _text 2147483647 null

If applicable, enumerates the available Scopes of a given operation or processing capability offered by the permission.

General Usage

If not applicable the only option will be ‘unused’.

Data Requirements

  • Required?: true
  • Unique Values Required?: false
  • Default Value: ( No Default Value )

User Defined Record Supported Operations

  • INSERT
  • SELECT
  • UPDATE

System Defined Record Supported Operations

  • SELECT
diag_timestamp_created timestamptz 35,6 null

The database server date/time when the transaction which created the record started.

General Usage

This column is system maintained and should be considered read only in normal operations.

Data Requirements

  • Required?: false
  • Unique Values Required?: false
  • Default Value: Automatically Generated

User Defined Record Supported Operations

  • SELECT

System Defined Record Supported Operations

  • SELECT
diag_role_created text 2147483647 null

The database role which created the record.

General Usage

This column is system maintained and should be considered read only in normal operations.

Data Requirements

  • Required?: false
  • Unique Values Required?: false
  • Default Value: Automatically Generated

User Defined Record Supported Operations

  • SELECT

System Defined Record Supported Operations

  • SELECT
diag_timestamp_modified timestamptz 35,6 null

The database server date/time when the transaction which modified the record started. This field will be the same as diag_timestamp_created for inserted records.

General Usage

This column is system maintained and should be considered read only in normal operations.

Data Requirements

  • Required?: false
  • Unique Values Required?: false
  • Default Value: Automatically Generated

User Defined Record Supported Operations

  • SELECT

System Defined Record Supported Operations

  • SELECT
diag_wallclock_modified timestamptz 35,6 null

The database server date/time at the moment the record was actually modified. For long running transactions this time may be significantly later than the value of diag_timestamp_modified.

General Usage

This column is system maintained and should be considered read only in normal operations.

Data Requirements

  • Required?: false
  • Unique Values Required?: false
  • Default Value: Automatically Generated

User Defined Record Supported Operations

  • SELECT

System Defined Record Supported Operations

  • SELECT
diag_role_modified text 2147483647 null

The database role which modified the record.

General Usage

This column is system maintained and should be considered read only in normal operations.

Data Requirements

  • Required?: false
  • Unique Values Required?: false
  • Default Value: Automatically Generated

User Defined Record Supported Operations

  • SELECT

System Defined Record Supported Operations

  • SELECT
diag_row_version int8 19 null

The current version of the row. The value here indicates how many actual data changes have been made to the row. If an update of the row leaves all data fields the same, disregarding the updates to the diag_* columns, the row version is not updated, nor are any updates made to the other diag_* columns other than diag_update_count.

General Usage

This column is system maintained and should be considered read only in normal operations.

Data Requirements

  • Required?: false
  • Unique Values Required?: false
  • Default Value: Automatically Generated

User Defined Record Supported Operations

  • SELECT

System Defined Record Supported Operations

  • SELECT
diag_update_count int8 19 null

Records the number of times the record has been updated, regardless of whether the update actually changed any data. In this way needless or redundant record updates can be found. This count starts at 0 and therefore may be the same as the diag_row_version - 1.

General Usage

This column is system maintained and should be considered read only in normal operations.

Data Requirements

  • Required?: false
  • Unique Values Required?: false
  • Default Value: Automatically Generated

User Defined Record Supported Operations

  • SELECT

System Defined Record Supported Operations

  • SELECT

Relationships

View Definition


Possibly Referenced Tables/Views