Group permissions for designs
Set permissions for designs and their attributes
When using the Permissions Manager to configure a group, you can set permissions for any design in your customer project. This includes the system designs provided with Alloy and any custom designs made by your organisation.
For each design, you can define a granular level of access. This affects all items of the design and determines what the group's users can do with them, e.g. Group A can read and edit items of the Bollards design. Group B can also create and delete them.
For the attributes on the design, you can set a default level of access, which can then be overridden for individual attributes if needed, e.g. Group B has read/write access to all attributes of the Bollards design but Group A has no access to the Owner attribute.
Permissions affect all items of a design. To grant conditional access to items based on their values, consider Access policies.
Design permissions
To set permissions on a design when configuring a group in the Permissions Manager:
-
Select Designs in the Categories column.
-
Select the relevant design in the next column.
-
Enable one or more of the following Design permissions, according to your needs:
-
Create - allow the group's users to create items of this design.
-
Read - allow the group's users to view items of this design.
-
Edit - allow the group's users to edit items of this design.
-
Delete - allow the group's users to delete items of this design.
-
These permissions let users perform these actions on items. However, attribute permissions should also be set accordingly.
For example, if the Create permission is enabled on a design, but the Read write permission isn't enabled for all required attributes, it won't be possible to create an item of that design.
-
Enable one of the following Default attribute permissions, according to your needs:
-
None - attributes will be hidden from users of this group.
-
Read only - allow the group's users to view the attributes.
-
Read write - allow the group's users to view and edit the attributes.
You can override this default permission for individual attributes (see below).
-
Inheritance
If the design implements one or more interfaces, it will inherit any permissions set on those interfaces by this group.
Inherited permissions are highlighted blue. You can select an inherited permission to enable it on the design (so it stays enabled if the interface's permissions change). However, you can't disable an inherited permission.
Override attribute permissions
To override the Default attribute permission for a particular attribute on the selected design:
-
Select the attribute in the Attributes column.
-
In the Permissions column, enable one of the following Override attribute permissions, according to your needs:
-
None - the selected attribute will be hidden from users of this group.
-
Read only - allow the group's users to view the selected attribute.
-
Read write - allow the group's users to view and edit the selected attribute.
-
Inheritance
If the design implements one or more interfaces, some of its attributes will be inherited from those interfaces.
The permission of an inherited attribute can't be overridden. However, Alloy will tell you where it comes from, so you can edit the attribute on that interface if needed. Remember, doing so will affect that attribute on all designs/interfaces that implement that interface!
Link attributes
When granting access to any Link attribute on this design, ensure the group also has access to the design of the linked items (or an implemented interface). Otherwise, the group's users will receive an E1539905172 error whenever they view items of this design.
For more information, see Planning permissions.