Configuration levels for objects
Levels describe the scope of objects and must be applied to objects. Depending on the level that you assign to objects, you must create certain attributes. For users to access an object, an attribute value must exist at the level to which they have authority. The level that you assign to an object sometimes depends on the level of the record in the database.
A system-level object is the only object that does not require an attribute value as it applies to all objects. If you specify a multiple-level for an object, multiple attributes must be created. For example, if you specify the SYSTEMORGSITE level, the system attribute, the organization attribute, and the site attribute must be created.
You do not need to specify the required values for attributes when you create an object, required values can be specified at a later date.
Security is applied to configuration levels.
For certain configuration levels, you can restrict the result set by appending a condition to the WHERE clause. For example, you can specify the site level as "siteid=...".
Level | Description | Object attributes | Example |
---|---|---|---|
SYSTEM | A system-level object. Security restrictions are applied at the application or object level in the specific system-level business object definitions. |
System attribute | |
SYSTEMORG | A system-level object that can also be assigned
to an organization. If the organization ID is not specified, the object operates at the system level. |
System attribute and organization attribute | orgid is null or orgid = ... |
SYSTEMSITE | A system-level object that can also be assigned
to a site. If the site ID is not specified, the object operates at the system level. |
System attribute and site attribute | siteid is null or siteid = ... |
SYSTEMORGSITE | A system-level object that can also be assigned
to an organization, or to an organization and a site. If the site ID is not specified, the object operates at either the system level or the organization level. The level depends on whether the organization ID is assigned. If the organization ID is not specified, the object operates at the system level. |
System attribute, organization attribute, and site attribute | (siteid is null or siteid = ...) and (orgid is null or orgid = ...) |
SYSTEMAPPFILTER | This object is treated as a system-level object
but it can ask the profile for a list of sites and organizations
in the context of an application so that the application can filter
data. Filtering is required for site-level administration of users and groups. Used for Users and Groups. |
System attribute and application filter attribute | |
ORG | An organization-level object. The framework applies security for this type. |
Organization attribute | orgid = ... |
ORGSITE | An organization-level object that can also be
assigned to a site. If the site ID is not specified, the object operates at the organization level. |
Organization attribute and site attribute | (siteid is null or siteid = ...) and orgid = ... |
ORGAPPFILTER | An organization-level object with application
filtering. Used for contracts so that the contract applications can filter on the special object instead of filtering by using standard security. |
Organization attribute and application filter attribute | |
SITE | A site level object. | Site attribute | siteid = ... |
SITEAPPFILTER | A site-level object with application filtering. Reserved for future objects. |
Site attribute and application filter attribute | |
ITEMSET | An item set-level object. The itemsetid attribute
value must exist in the insert organization for users. The framework adds the required security restriction. |
Item set attribute | |
COMPANYSET | A company set-level object. The compnaysetid
attribute value must exist in the insert organization for users. The framework adds the required security restriction. |
Company set attribute |