Filtering objects by access group and owning group - SmartPlant Foundation - IM Update 48 - Help - Hexagon

SmartPlant Foundation Help

SmartPlant Foundation / SDx Version: 10
SmartPlant Markup Plus Version: 10.0 (2019)
Smart Review Version: 2020 (15.0)

The mechanisms described above restrict access to objects but still allow users to retrieve the objects into a list view by query or relationship expansion. It is possible to filter out objects altogether.

When an access group is related to a class definition, objects of that class can only be retrieved by roles configured with that group. A condition on this relationship can further control and restrict access by owning group or any other object relationship or property.

This filtering is performed after the query results have been returned, by evaluating the relevant conditions on all objects of that class. As a result, this processing slows down the overall query. This mode of filtering should be used with care and where the intention is to hide certain objects from the user in all circumstances (such as hiding documents based on a custom security level property).

There are specific query filters available on the Query and Quick Find methods and on edge expansion that apply the filter as additional SQL when the database is queried, and as a result they are much faster. These are detailed in the next section.

Restricting a class of object to an access group

This will prevent users from retrieving these objects unless their role is configured with the access group.

  • Identify an access group to which you want to grant access, such as DocControl.

  • Relate the access group to the class definition that you want to restrict.

Restricting a class of object from users under certain conditions

This will prevent users from retrieving these objects unless a condition is satisfied. This is still achieved by relating the access group to the class definition but also by specifying a condition.

  • Identify an access group to which you want to conditionally grant access. If you want this to apply to all users, choose an access group that is configured on a role associated with all users, such as VIEWONLY.

  • Relate the access group to the class definition, configuring a condition on the relationship. A typical condition might check a security level attribute on the objects so that VIEWONLY users can only access level 1 and DocController can access level 2.

Each client API retrieves the queried objects based on the argument selected on the corresponding method.

Set the following arguments on the QFindObject method using the QFindObject client API to get the following results:

| Required result | Arg 10 value | Arg 11 value | Arg 14 value |
|---|---|---|---|
| Paged query | NULL | Value that indicates the number of pages at which page query will be used | FALSE |
| Paged query | LIGHTVIEW | Value that indicates the number of pages at which page query will be used | FALSE |
| Normal list view | NULL | NULL | TRUE |
| Light list view | LIGHTVIEW | NULL | FALSE |
| Paged query in a light list view | NULL | Value that indicates the number of pages at which page query will be used | TRUE |

To get a paged query in a light list view, when you select Argument 14, a page size value must be entered for Argument 11.

Restricting a class of object from users by ownership

This will prevent users from retrieving these objects unless they own the object or are in a role configured with the object's owning group. This is still achieved by relating the access group to the class definition but also by specifying a condition.

  • Identify an access group to which you want to conditionally grant access. If you want this to apply to all users, choose an access group that is configured on a role associated with all users, such as VIEWONLY.

  • Relate the access group to the class definition, configuring one of these conditions on the relationship.

  • IsOwnerOrInOwningGroupOrNoOwnership - Allows user access if they are the owner of the object, in the owning group of the object or the object has no ownership set.

  • IsOwnerOrInOwningGroup - Same as above, except that the user has no access to objects with no ownership set.
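
The following Python model is an added example, not SmartPlant Foundation code. It shows how the two ownership conditions differ when applied as a post-query filter, so you can see which objects each one exposes before choosing between them. The types, the class definition names (Document, Tag), the users and the objects are hypothetical and constructed for illustration; it also assumes that "no ownership set" means neither an owner nor an owning group is present.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model types; these are not SmartPlant Foundation APIs.
@dataclass(frozen=True)
class Obj:
    name: str
    class_def: str
    owner: Optional[str] = None         # owning user, None when not set
    owning_group: Optional[str] = None  # owning group, None when not set

@dataclass(frozen=True)
class User:
    name: str
    access_groups: frozenset  # access groups configured on the user's role
    owning_groups: frozenset  # owning groups configured on the user's role

def is_owner_or_in_owning_group(user, obj):
    return obj.owner == user.name or obj.owning_group in user.owning_groups

def is_owner_or_in_owning_group_or_no_ownership(user, obj):
    # Assumption: "no ownership set" means neither owner nor owning group.
    unowned = obj.owner is None and obj.owning_group is None
    return unowned or is_owner_or_in_owning_group(user, obj)

def post_query_filter(user, results, restrictions):
    """Keep an object if its class is unrestricted or a related group and its condition pass."""
    visible = []
    for obj in results:
        rules = restrictions.get(obj.class_def)  # None: class not restricted
        if rules is None or any(
            group in user.access_groups and (cond is None or cond(user, obj))
            for group, cond in rules
        ):
            visible.append(obj.name)
    return visible

# Constructed sample data.
RESULTS = [
    Obj("DOC-1", "Document", owner="alice"),
    Obj("DOC-2", "Document", owning_group="ELEC"),
    Obj("DOC-3", "Document"),  # no ownership set
    Obj("TAG-1", "Tag", owning_group="ELEC"),  # class has no restriction
]
ALICE = User("alice", frozenset({"VIEWONLY"}), frozenset({"PIPING"}))
CAROL = User("carol", frozenset({"DocControl"}), frozenset({"ELEC"}))

def visible_to(user, condition):
    # Relate VIEWONLY to the Document class with the given condition.
    return post_query_filter(user, RESULTS, {"Document": [("VIEWONLY", condition)]})
```

In this model the unowned object DOC-3 is visible to every VIEWONLY user under IsOwnerOrInOwningGroupOrNoOwnership and hidden under IsOwnerOrInOwningGroup, while a user whose role lacks the related access group sees no Document objects at all, whatever their owning groups.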