Hiding Various Elements

In this use case, we want to hide workspace "Sensitive Data Sets" from users with role INTERN, as well as all the scenarios that are contained in this workspace, and also the dashboard "Sensitive Design" and the task "Sensitive Planning".

This can be implemented by defining rules similar to the ones in the previous use cases on each of the application elements that we want to hide. However, a simpler implementation can be achieved using permission groups.

To this end, we first create a permission group named "Sensitive Things". We include the following elements in this group:

Workspace "Sensitive Data Sets"
Dashboard "Sensitive Design"
Task "Sensitive Planning"

and we add the following permission rules to the ruleset attached to this permission group:

role(INTERN), ACCESS, WORKSPACE, false
role(INTERN), ACCESS, SCENARIO, false
role(INTERN), ACCESS, VIEW_DASHBOARD, false
role(INTERN), ACCESS, TASK, false

These rules will be found as part of the ruleset attached to the group of the workspace, dashboard, and task; and as part of the ruleset attached to the workspace containing the scenarios.

Note that adding elements to the permission group can be done independently of, typically after, defining the permission rules in the attached ruleset.