• 1 reply
  • Latest Post - ‏2014-01-02T19:52:32Z by yn2000
24 Posts

Pinned topic Conflicting ACI

‏2013-12-19T08:58:24Z |

I have 2 ACI in the system one of them grants add rights to one of the entity type and let the ACI member read and write all the attributes of that entity, the second ACI allows searching all the users for the same entity and allow write access to only 4 attrbutes within that entity, leaving rest of the attributes permission as none. Now when a user has both the ACI associated with his ISIM account he is able to search all the users of that entity type(because of secong ACI) and he is also able to read and write to all the attributes(because of the First ACI), however he is required to write to only those 4 attrbiutes only for existing users which the second ACI governs also at the same time he should be able to create new person of that entity and should be able to write to all the attributes of that entity type.

How to go about it?

  • yn2000
    1120 Posts

    Re: Conflicting ACI


    Let me rephrase the requirement: On create, you need to write to all attributes, but on modify (you said search) you need to write to only 4 attributes.

    Have you consider configuring the form using 'read only on modify'? The form configuration applies to everyone, including itim manager, but probably it is the one that you want.

    Rgds. YN.