跳转至

Permission checks when applying an Action(应用操作时的权限检查)

The permission checks when applying an Action depend on whether you are editing a single-datasource object or a multi-datasource object.

Edits of single-datasource objects

If an object type is backed by a single datasource, Actions allow a user to edit an object as long as:

When creating new objects, the user must be able to view the input datasource of the object type; the Action run will fail if the user does not have access to the input datasource.

Edits of multi-datasource objects

Object types can have properties that come from more than one datasource. In these cases, users can have varying levels of access on a given object, as follows:

  • User can view the entire object; for example, the user may have access to all datasources as well as all rows in these datasources.
  • User can view a subset of datasources; for example, the user may have access to all rows in some datasources and none of the rows in the other datasources.
  • User can view a subset of rows in subset of datasources; for example, the user may have access to the full object for some rows, partial access to objects for some rows, and no access to objects for the remaining rows.

If an object type has multiple datasources, the permission checks when applying an Action are more complicated, since enforcing constraints to ensure that the user must be able to view the entire object to edit it (as with single-datasource objects) can be very restrictive.

The following permission rules are implemented for different kinds of Actions that can be applied to an object.

Create object

Scenario: The given object exists in datasources D[i..k, m..n]. The user is creating the object by setting values for properties only in D[i..k].

The user is not allowed to create the object unless they can view the backing datasource of D[i..k]. No permission is checked on D[m..n]. The values of D[m..n] default to null.

If any of D[i..k] contained the object in the past (but have the object marked as deleted now), the user must have permissions to see the row/object in all of D[i..k] in order to recreate the object.

Edit or modify object

Scenario: The object exists in datasources D[i..k, m..n]. The user is editing properties mapped to D[i..k].

The user is allowed to edit properties provided they can view existing values of properties in D[i..k]. No permission is checked on properties mapped to D[m..n].

D[m..n] will show up as null during the validation. The user can apply the Action if the validations pass with the null values.

Delete object

Scenario: The object exists in datasources D[i..k, m..n].

The user is not allowed to delete the object if they cannot view the entire object (in other words, all the properties coming from D[i..k, m..n]).

Scenario: Object1 exists in datasources D1[i..k] and object2 exists in datasources D2[m..n].

The user is allowed to create the link as long as they can load both object1 and object2 in any of the datasources D1[i..k] and D2[m..n], respectively. No permission is checked on individual properties or datasources.

Scenario: Object1 exists in datasources D1[i..k] and object2 exists in datasources D2[m..n].

The user is allowed to delete the link as long as they can load both object1 and object2 in any of the datasources D1[i..k] and D2[m..n], respectively. No permission is checked on individual properties or datasources.


中文翻译

应用操作时的权限检查

应用操作时的权限检查取决于您编辑的是单数据源对象还是多数据源对象

单数据源对象的编辑

如果对象类型由单个数据源支持,只要满足以下条件,用户即可通过操作编辑对象:

创建新对象时,用户必须能够查看对象类型的输入数据源;如果用户无权访问输入数据源,操作执行将失败。

多数据源对象的编辑

对象类型的属性可能来自多个数据源。在这种情况下,用户对特定对象可能拥有不同级别的访问权限,具体如下:

  • 用户可以查看整个对象;例如,用户可能拥有所有数据源以及这些数据源中所有行的访问权限。
  • 用户可以查看部分数据源;例如,用户可能拥有某些数据源中所有行的访问权限,而对其他数据源中的行没有任何访问权限。
  • 用户可以查看部分数据源中的部分行;例如,用户可能对某些行拥有完整对象的访问权限,对某些行拥有部分对象的访问权限,而对剩余行则没有任何对象访问权限。

如果对象类型有多个数据源,应用操作时的权限检查会更加复杂,因为强制要求用户必须能够查看整个对象才能编辑(如同单数据源对象那样)可能会非常严格。

以下是为可应用于对象的不同类型操作实施的权限规则。

创建对象

场景:给定对象存在于数据源 D[i..k, m..n] 中。用户通过仅设置 D[i..k] 中的属性值来创建对象。

除非用户能够查看 D[i..k] 的后台数据源,否则不允许创建对象。不对 D[m..n] 进行权限检查。D[m..n] 的值默认为 null

如果 D[i..k] 中的任何一个数据源过去包含该对象(但现在已将该对象标记为已删除),用户必须拥有查看所有 D[i..k] 中行/对象的权限才能重新创建该对象。

编辑或修改对象

场景:对象存在于数据源 D[i..k, m..n] 中。用户正在编辑映射到 D[i..k] 的属性。

只要用户能够查看 D[i..k] 中属性的现有值,就允许编辑属性。不对映射到 D[m..n] 的属性进行权限检查。

在验证过程中,D[m..n] 将显示为 null。如果验证在 null 值下通过,用户可以应用该操作。

删除对象

场景:对象存在于数据源 D[i..k, m..n] 中。

如果用户无法查看整个对象(即来自 D[i..k, m..n] 的所有属性),则不允许删除该对象。

创建链接

场景:Object1 存在于数据源 D1[i..k] 中,Object2 存在于数据源 D2[m..n] 中。

只要用户能够分别加载数据源 D1[i..k]D2[m..n] 中的任意一个 Object1 和 Object2,就允许创建链接。不对单个属性或数据源进行权限检查。

删除链接

场景:Object1 存在于数据源 D1[i..k] 中,Object2 存在于数据源 D2[m..n] 中。

只要用户能够分别加载数据源 D1[i..k]D2[m..n] 中的任意一个 Object1 和 Object2,就允许删除链接。不对单个属性或数据源进行权限检查。