Understanding operations on protected resources

Before you begin to define access for users, you must understand how users with different levels of access will be able to work with protected resources.

Currently CONTACT and CONTRACT records can be protected. These two tables contain an ACCESS_TOKEN_VALUE column.

If this column on a record contains null, that record is not protected. That is, any user or group can operate on that record. If this column on a record contains a value, that record is protected. Only users that are associated with an access token value that matches the value in that column can operate on that record.

Default access token

The default access token allows a resource to be created and protected with a specific access token value.

Global access token

The global access token gives a user authorization to any protected resource, even if the user is not associated with an access token value that matches the access token value assigned to the resource. For example, an administrator can be associated with a global access token.