...
Action | Entity | ||
---|---|---|---|
All actions | Sysadmin user | ||
See all rules | Readonly sysadmin | ||
Perform add / edit / delete actions on rules in general | If there is a grouper.properties
If the user using the UI is in the etc:rulesEditors group. This does not apply to sysadmin or readonly sysadmin. If this is not configured then there is no global rules group. Whether this configuration is set or not, the following object privileges apply. | ||
Use email in the result clause | If there is a grouper.properties
If the user using the UI is in the etc:rulesEmailResultAllowed group. This does not apply to sysadmin or readonly sysadmin. If this is not configured then there is no global rules group. Whether this configuration is set or not, the following object privileges apply. | ||
Edit rules on a group | Group ADMIN privilege on the assignment owner | ||
View rules on a group | Group READ privilege on the group | ||
Edit rules on a folder | Folder ADMIN privilege on the assignment owner | ||
View rules on a folder | Folder CREATE privilege on the folder, or you have inherited (group) READ on the folder | ||
Use a group in a "fires when", condition, or result in edit mode | This is context specific based on the "fires when", condition, result.
If editing a rule, and a folder group is used in the rule that the user cannot viewsee the group (see below), then the input will be blank. | ||
Use a group folder in a "fires when", condition, or result in edit mode | This is context specific based on the "fires when", condition, result.
| See a group in the list of rules |
If editing a rule, and a group folder is used in the rule that the user cannot viewsee the folder (see below), then the input will be blank. |
See a folder group/folders in the list of rules for a group (fires, condition, result, assigned on) | If the group (where clicking rules button) is a REF or BASIS type and the user is not an ADMIN of the group, then the user needs VIEW on the group being used (fires, condition, result, assigned on) If the group is not REF or BASIS or the user is an ADMIN of the group (where clicking rules button), all are viewable | ||
See a group/folder in the list of rules for a folder (fires, condition, result, assigned on) | If the folder (where clicking rules button) is a REF or BASIS type and the user is not an ADMIN of the folder, then the user needs VIEW (or UI-type view) on the folder being used (fires, condition, result, assigned on) If the folder is not REF or BASIS or the user is an ADMIN of the folder (where clicking rules button), all are viewable the folder or any privilege on an object in the folder (like the UI does to show folders) |
Screen - folder rules - custom pattern
...