Manage record access policy rules

Overview

This page describes how to create, edit, and delete rules from a record access policy via the webapp. Rules can also be configured via the API.

Create a rule

To create a rule, do the following:

  1. Navigate to the policy to which you want to add a rule.
  2. Click the Rules tab.
  3. Click Create rule.
  4. Use the table that follows to configure the fields in the Create rule page.
  5. Click Save.
Field Description
Rule description
Object type The data object that the rule must apply to, for example, if the rule pertains to accessing job records, then the object type would be Job.
Filter records The filter, written in EQL, that must be applied to the object data to limit what is accessible. For example, if the rule limited all job records that were pending dispatch, the filter would specify this. See the EQL documentation for more information on how to write and use these filters.
Access type  Controls whether the rule denies or allows access to data.
Excluded permissions  Users that have a role with any of the permissions in the provided list will be excluded from the rule. For example, you may have a rule for Jobs that denies access unless the job is allocated to the current user. This rule is intended for resources, so you can exclude schedulers by adding a permission exclusion for skedulo.tenant.schedule.allocation.dispatch. See also Functional permissions and custom roles.

Edit a rule

To edit a record access policy rule, do the following:

  1. Navigate to the policy for which you want to edit a rule.
  2. Click the Rules tab.
  3. Click the name of the rule you want to edit. The Edit rule page displays. The Edit rule page
  4. Make the required changes and then click Save.

Delete a rule

To delete a rule, do the following:

  1. Navigate to the policy from which you want to delete a rule.
  2. Click the Rules tab.
  3. Click the checkbox to select the rule to delete. The Delete and Deselect all options display.
  4. Click Delete.
  5. To confirm deletion, click Yes in the confirmation dialog, or click Cancel to return to the Rules tab without deleting the rule.