
Action | Entity
All actions | Sysadmin user
See all rules | Readonly sysadmin
Perform add / edit / delete actions on rules in general

If there is a grouper.properties entry:

rules.restrictRulesUiToMembersOfThisGroupName = etc:rulesEditors

If the user using the UI is in the etc:rulesEditors group.

This does not apply to sysadmin or readonly sysadmin.

If this is not configured then there is no global rules group.

Whether this configuration is set or not, the following object privileges apply.

Use email in the result clause

If there is a grouper.properties entry:

rules.restrictRulesEmailSendersToMembersOfThisGroupName = etc:rulesEmailResultAllowed

If the user using the UI is in the etc:rulesEmailResultAllowed group.

This does not apply to sysadmin or readonly sysadmin.

If this is not configured then there is no global rules group.

Whether this configuration is set or not, the following object privileges apply.

Edit rules on a group | Group ADMIN privilege on the assignment owner
View rules on a group | Group READ privilege on the group
Edit rules on a folder | Folder ADMIN privilege on the assignment owner
View rules on a folder | Folder CREATE privilege on the folder, or you have inherited (group) READ on the folder

Use a group in a "fires when", condition, or result in edit mode

This is context specific based on the "fires when", condition, result.

  • Anything with memberships, the user needs READ on the group being used (e.g. flattenedMembershipAdd)

If editing a rule, and a group is used in the rule that the user cannot see (see below), then the input will be blank.

Use a folder in a "fires when", condition, or result in edit mode

This is context specific based on the "fires when", condition, result.

  • Anything with memberships, the user needs inherited READ on the folder being used (e.g. flattenedMembershipAddInFolder)
  • "fires when": groupCreate requires ADMIN on the folder or inherited group ADMIN on the folder
  • "fires when": stemCreate requires ADMIN on the folder or inherited stem ADMIN on the folder
  • "fires when": attributeDefCreate requires ADMIN on the folder or inherited attributeDef ADMIN on the folder

If editing a rule, and a folder is used in the rule that the user cannot see (see below), then the input will be blank.

See a group/folder in the list of rules for a group (fires, condition, result, assigned on)

If the group (the one whose rules button was clicked) is a REF or BASIS type and the user is not an ADMIN of the group, then the user needs VIEW on the group being used (fires, condition, result, assigned on)

If the group is not REF or BASIS, or the user is an ADMIN of the group (the one whose rules button was clicked), all are viewable

See a group/folder in the list of rules for a folder (fires, condition, result, assigned on)

If the folder (the one whose rules button was clicked) is a REF or BASIS type and the user is not an ADMIN of the folder, then the user needs VIEW (or UI-type view) on the folder being used (fires, condition, result, assigned on)

If the folder is not REF or BASIS, or the user is an ADMIN of the folder (the one whose rules button was clicked), all are viewable
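
The interplay of the global groups and the object privileges in the table above, modelled as an added example (not Grouper code and not part of the original page). The `User` and `RulesConfig` classes, the privilege labels and the `app:payroll` name are hypothetical; the property names are read from the page. It assumes that a readonly sysadmin gets view access only and that the email check applies on top of the edit check.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class RulesConfig:  # the two grouper.properties entries; None = not configured
    ui_editors_group: Optional[str] = None     # rules.restrictRulesUiToMembersOfThisGroupName
    email_senders_group: Optional[str] = None  # rules.restrictRulesEmailSendersToMembersOfThisGroupName

@dataclass
class User:  # hypothetical model of a UI user, not a Grouper class
    sysadmin: bool = False
    readonly_sysadmin: bool = False
    groups: set = field(default_factory=set)   # group memberships
    privs: dict = field(default_factory=dict)  # owner name -> set of privilege labels

def passes_global_group(user, group_name):
    """Global restriction: skipped for sysadmin / readonly sysadmin or when unset."""
    if user.sysadmin or user.readonly_sysadmin or group_name is None:
        return True
    return group_name in user.groups

def can_edit_rules(user, owner, cfg):
    """Add / edit / delete: global group (if set) AND ADMIN on the assignment owner."""
    if user.sysadmin:
        return True
    has_admin = "ADMIN" in user.privs.get(owner, set())
    return has_admin and passes_global_group(user, cfg.ui_editors_group)

def can_view_rules(user, owner, owner_is_folder=False):
    """View: READ on a group; CREATE or inherited READ on a folder. No global group."""
    if user.sysadmin or user.readonly_sysadmin:
        return True
    needed = {"CREATE", "INHERITED_READ"} if owner_is_folder else {"READ"}
    return bool(needed & user.privs.get(owner, set()))

def can_use_email_result(user, owner, cfg):
    """Email in the result clause: edit rights plus the email-senders group (if set)."""
    return can_edit_rules(user, owner, cfg) and passes_global_group(user, cfg.email_senders_group)

if __name__ == "__main__":
    cfg = RulesConfig("etc:rulesEditors", "etc:rulesEmailResultAllowed")
    owner = "app:payroll"  # constructed group name
    editor = User(groups={"etc:rulesEditors"}, privs={owner: {"ADMIN"}})
    outsider = User(privs={owner: {"ADMIN"}})  # ADMIN but not in the global group
    print(can_edit_rules(editor, owner, cfg), can_edit_rules(outsider, owner, cfg))
    print(can_edit_rules(outsider, owner, RulesConfig()))  # no global group configured
    print(can_use_email_result(editor, owner, cfg))        # not in the email group
```

Membership in the global group alone never grants edit rights in this model; the ADMIN check on the assignment owner runs in every non-sysadmin path.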

Screen - folder rules - custom pattern
