Security privileges

Regardless of IDM integration, there are many levels of security in Optiva that determine whether users can access particular document codes in the Attachments grid. For example, you can show or hide document codes in Configure Templates by role/symbol/object class. Filters can further restrict the choices that are shown in the Function Code list in the Attachments grid.

IDM Access Control Lists (ACL security) further restrict the Document Types and the individual documents to which Optiva users have access.

Two IDM Access Control Lists are provided in the XML code for you.

  • Public means that all users can read and edit the document attachment.
  • Private means only the last modifier of the document can read and edit the document attachment.

When you import the XML code to IDM, Public is assigned as the default value for your Document Type. In IDM, you can change the ACL default value for the Document Type.

In IDM, you can add more Access Control Lists for each Document Type. For example, you can have one Access Control List for a specific IFS role. That list provides certain privileges for the documents within that Document Type. Those privileges may be Read, Update, Create, Delete, CheckIn, and CheckOut.

You must specify CheckIn and CheckOut privileges when you grant Update, Create, and ChangeAcl privileges to roles. You must also specify CheckIn and CheckOut privileges when Archive is enabled so that users can delete rows.

If the IFS role has the ChangeAcl privilege, the users within that role can change the value in the Access Control List in the Optiva Attachments grid. For example, they can change a document from Public to Private and vice versa.

You can create Document Types and assign Access Control Lists to those Document Types. Remember that IDM ACL security never provides a higher level of access than Optiva.

IDM ACL security can only further restrict user access to Document Types and individual documents within each Document Type.

If a Document Type is read-only based upon Optiva security, then that Document Type cannot be edited regardless of IDM ACL security.

If a Document Type is editable based upon Optiva security, that Document Type or the individual documents within that Document Type can still be hidden using ACL security in IDM.
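
The rules above can be checked before an ACL is rolled out. The following is an added example, not Infor code: it flags ACL entries that break the CheckIn/CheckOut requirement and computes effective access as the more restrictive of the Optiva and IDM levels. The dictionary layout, the role names, and the three access levels are assumptions made for illustration.

```python
# Added example: the data layout is constructed, not IDM's XML or export format.
NEEDS_CHECK_PAIR = {"Update", "Create", "ChangeAcl"}
CHECK_PAIR = {"CheckIn", "CheckOut"}
LEVELS = ["hidden", "read", "edit"]  # ordered from least to most access


def lint_acl(acl, archive_enabled=False):
    """Return (role, missing privileges) for entries lacking CheckIn/CheckOut."""
    triggers = set(NEEDS_CHECK_PAIR)
    if archive_enabled:
        # Assumption: with Archive enabled, Delete also needs the pair.
        triggers.add("Delete")
    findings = []
    for role, privs in acl.items():
        missing = CHECK_PAIR - privs
        if privs & triggers and missing:
            findings.append((role, sorted(missing)))
    return sorted(findings)


def idm_level(privs):
    """Highest level an ACL entry allows on its own."""
    if "Read" not in privs:
        return "hidden"  # assumption: no Read means the document is hidden
    if "Update" in privs and CHECK_PAIR <= privs:
        return "edit"
    return "read"


def effective_level(optiva_level, privs):
    """IDM can only restrict: the result is the lower of the two levels."""
    return min(optiva_level, idm_level(privs), key=LEVELS.index)


# Constructed sample: one ACL with entries for three hypothetical IFS roles.
SAMPLE_ACL = {
    "Formulator": {"Read", "Update", "CheckIn", "CheckOut"},
    "Reviewer": {"Read"},
    "Labeler": {"Read", "Update", "ChangeAcl"},  # missing CheckIn/CheckOut
}

if __name__ == "__main__":
    print("lint findings:", lint_acl(SAMPLE_ACL))
    for role, privs in SAMPLE_ACL.items():
        for optiva in ("read", "edit"):
            print(role, "optiva=" + optiva, "->", effective_level(optiva, privs))
```

A Document Type that Optiva marks read-only stays read-only for every role in the sample, whatever the ACL grants.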

For more information about manually adding the Access Control Lists in IDM, see the Infor OS Platform Administration Guide. This guide is available on the Infor Support Portal.