Minimum access controls for object operations

Users can perform the following operations on objects: Create, Read, Update, Associate and Delete. Each of these operations requires certain minimum access controls.

Create operation

The following table shows the minimum access controls that a user requires to create an object. Access controls are required for both the parent object and the child object.

Some access controls must be defined by using role-based security rather than record level security (as indicated in the table). In these instances, the access control for the parent object can be defined by using either type of security, but for the child object, it must be defined by using role-based security.

Table 1. Access controls required to create an object
  Read Write Delete Associate
Parent Yes     Yes
Child Yes (from role-based security) Yes (from role-based security)   Yes (from role-based security)

Read operation

The following table shows the minimum access controls that a user requires to read an object.

These access controls can be defined in the role-based security or the record level security.

Table 2. Access controls required to read an object
  Read Write Delete Associate
Object Yes      

Update operation

The following table shows the minimum access controls that a user requires to update an object.

These access controls can be defined in the role-based security or the record level security.

Table 3. Access controls required to update an object
  Read Write Delete Associate
Object Yes Yes    

Associate operation

The following table shows the minimum access controls that a user requires to associate an object. Access controls are required for both the parent object and the child object.

Some access controls must be defined that use role-based security rather than record level security (as indicated in the table). In these instances, the access control for the parent object can be defined by using either type of security, but for the child object, it must be defined by using role-based security.

Table 4. Access controls required to associate an object
  Read Write Delete Associate
Parent Yes     Yes
Child Yes (from role-based security)     Yes (from role-based security)

Delete operation

The following table shows the minimum access controls that a user requires to delete an object. Access controls are required for both the parent object and the child object.

These access controls can be defined in the role-based security or the record level security.

Table 5. Access controls required to delete an object
  Read Write Delete Associate
Parent Yes     Yes
Child Yes   Yes Yes

The following table shows the minimum access controls that a user requires to delete an object type that is self-contained or recursive, such as a Business Entity or Sub-Process. Access controls are required for both the parent object and the child object.

Some access controls must be defined using role-based security rather than record level security (as indicated in the table). In these instances, the access control for the parent object can be defined using either type of security, but for the child object, it must be defined using role-based security.

Table 6. Access controls to delete a self-contained object
  Read Write Delete Associate
Parent Yes     Yes
Child Yes (from role-based security)   Yes (from role-based security) Yes (from role-based security)