There are several aspects to setting access control
At the basic level, you grant or restrict project access to users and groups.
At a more advanced level, when configuring access control, you can set Workbench properties to grant or restrict access to specific files, folders, or columns and rows within a cBase or classic model, based on the property values assigned to users and groups.
NOTE: It is a best practice to set access rules at the project level and select the Inherit from ancestor check box for each folder in the project whenever possible.
The general workflow for setting access control is:
- Create users.
See Managing Users.
- Create groups and assign users to them.
See Managing Groups.
- Create properties.
See Properties Overview.
- Set project access for users and groups.
See Managing Project Access.
- Assign properties and specific values to users and groups.
See Assigning Properties to Users and Groups.
- Use these properties to configure access control for specific folders in Workbench Explorer.
See Configuring Access Control.You can also use these property values in other scripts.
- DI recommends using properties as the main way to set access control rules because properties allow you to separate the rules from data values. See Properties: Separating Access Control Rules from Data Values.
- When using classic Diver Solution Models and Workbench projects, access control is the same as for Diver Platform 7.x (as described above). The access control tab (right-click a project or folder and select Edit Access Control) includes a Model Access tab for these settings. See Setting Model Access.
- When using classic models with a virtual project in Workbench via the 6.4 DiveLine Namespace or 6.4 Production Sandbox, existing DiveLine Access Control Lists access control list. The security tool that DiveLine 6.x uses to control user and group access to the server. DiveLine 7.x applies access control rules to projects and can apply ACLs to non-project resources that use the 6.4 DiveLine namespace. ACLs created using DI-Config are applied by the 7.x clients. This includes the scenario where a project has an alias to the 6.4 DiveLine Namespace or 6.4 Production Sandbox project. To edit these ACLs, use version 7.x DI-Config.