Column-Level Permission
In Veezoo, you have fine-grained control over your data through the ability to define roles and assign them to users. This allows you to dictate which users have access to which data based on their roles. You can extend this control even further by applying column-level permissions within classes using the for_user_role and not_for_user_role properties.
Granting Column-Level Permissions with for_user_role
When defining concepts such as class, number, boolean, date, etc., you can assign specific roles that are allowed to access this data by using the for_user_role property. This property can take multiple values corresponding to the names of roles that have been defined.
Here's an example:
kb {
  class Order {
    ...
    number Order_Total {
      name.en: "Order Total"
      synonym.en: ["Price", "Revenue", "Amount"]
      for_user_role: ["finance", "executive"]
      unit: onto.Currency.USD
      sql: "${ORDERS.order_total}"
    }
  }
}
In the above example, only users who have been assigned the roles "finance" or "executive" are granted permission to view the Order_Total number.
Restricting Column-Level Permissions with not_for_user_role
On the other hand, you may want to exclude certain roles from accessing a concept. You can use the not_for_user_role property to specify roles that are not allowed to access this data.
Here's an example:
kb {
  class Customer {
    ...
    class Customer_Address {
      name.en: "Customer Address"
      synonym.en: ["Address"]
      not_for_user_role: "customer_support"
      sql: "${CUSTOMERS.address}"
    }
  }
}
In this example, users who are assigned the role "customer_support" are restricted from viewing the Customer_Address class. If multiple roles are specified, then a user with any of the roles listed is restricted from viewing this data.
Make sure to carefully manage your role assignments and column-level permissions to ensure data security. Regularly review and update your roles and permissions to align with changes in job responsibilities and organizational structure.
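For the periodic review described above, a small audit script can list which concepts a given set of roles would see. This is an added example, not Veezoo code: the parser handles only the syntax subset shown on this page, the function names are hypothetical, and it assumes that an exclusion wins when both properties match and that permissions of parent classes are not inherited.

```python
import re

# Constructed sample combining the two definitions shown on this page.
SAMPLE_KB = '''
kb {
  class Order {
    number Order_Total {
      for_user_role: ["finance", "executive"]
      sql: "${ORDERS.order_total}"
    }
  }
  class Customer {
    class Customer_Address {
      not_for_user_role: "customer_support"
      sql: "${CUSTOMERS.address}"
    }
  }
}
'''
BLOCK = re.compile(r'^(?:\w+\s+)?(\w+)\s*\{$')      # "kb {" or "<kind> <Name> {"
ROLE_PROP = re.compile(r'^(for_user_role|not_for_user_role)\s*:\s*(.+)$')

def parse_role_rules(text):
    """Map each concept path (e.g. Order.Order_Total) to its two role lists."""
    rules, stack = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "}":
            if stack:
                stack.pop()
        elif (m := BLOCK.match(line)):
            stack.append(m.group(1))
            if len(stack) > 1:                       # skip the outer kb block
                rules[".".join(stack[1:])] = {"for_user_role": [], "not_for_user_role": []}
        elif (m := ROLE_PROP.match(line)) and len(stack) > 1:
            # Accepts both the list form and the single-string form used on the page.
            rules[".".join(stack[1:])][m.group(1)] = re.findall(r'"([^"]+)"', m.group(2))
    return rules

def is_visible(rule, user_roles):
    roles = set(user_roles)
    if roles & set(rule["not_for_user_role"]):
        return False                                 # any excluded role hides the concept
    allowed = rule["for_user_role"]
    # Assumption: a concept with no for_user_role is not restricted by this property.
    return not allowed or bool(roles & set(allowed))

def visibility_report(text, user_roles):
    """Return {concept path: True/False} for a user holding user_roles."""
    return {path: is_visible(rule, user_roles)
            for path, rule in parse_role_rules(text).items()}
```

Running visibility_report once per defined role and comparing the results against the intended access matrix highlights concepts that carry neither property.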