Entitlements
You can use entitlements to enforce restrictions or entitlements on users and groups.
Based on its type and configuration, users are restricted from or enabled to see certain sensitive data on user interface pages and web services.
The following list shows the types of entitlements:
Restrictive entitlements
A restrictive entitlement restricts access to data that contains a defined condition. By default, these
restrictions are applied to all users in the system; no users have access unless explicitly granted. To exempt
a user from a restriction, do the following steps:
- Create a special access group.
- Link the restrictive entitlement to this group.
- Assign the exempted user by adding the user to the special access group.
Regular entitlements
A regular entitlement allows access only to data that contains a defined condition. Unlike restrictive
entitlements, these entitlements are not automatically applied to all users. Instead, to enforce this
entitlement on a user, do the following steps:
- Create a contained access group.
- Link the entitlement to this group.
- Assign the entitled user by adding the user to the contained access group.