Assigning read and write permissions
To assign read and write permissions for an attribute group:
From the Attribute Group definition page, click the Access control tab.
If required, search to refine the list of attributes displayed on the page.
Select Read and Write checkboxes as required.
By default, the checkboxes indicate allowed permissions. If Bravura Security Fabric is configured to display Allow and Deny columns, ensure that you select checkboxes in the appropriate columns. See configuration notes below.
Click Update.
Caution
If you require users to be able to edit attributes with restricted or boolean values, you must assign them both read and write permissions.
When assigning read and write permissions for an attribute group, consider the following:
If an attribute group contains required attributes that can only be edited by authorizers, the requirement is ignored until the request reaches the authorization stage. If authorizers then fail to provide values for the required attributes, the request is automatically denied.
When a user group is assigned write-only permissions to attributes with restricted or boolean values, they are automatically granted read and write permissions since write-only permissions would prevent users from viewing or editing attributes.
In some cases it may be easier to prevent certain users from accessing specific objects, rather than trying to find a way to grant limited user access.
Use the ACL DENY ENABLE setting on the Manage the system > Policies > Options page to allow console users to deny read and write permissions to objects.