1Ci Support Help Center home page
Submit a request
Sign in
  1. 1Ci Support
  2. 1C:Enterprise Development Standards
  3. Setting data access rights

Setting rights for new objects and object fields

  • Setting data access rights
    • Configuring roles and access rights
    • Standard roles
    • Setting rights for new objects and object fields
    • Checking access rights
    • Using privileged mode
    • Restrictions on the use of ALLOWED keyword in requests
    • Impact of modifying session parameter and functional option values on the performance of data access restriction mechanism

Scope: managed applications, ordinary applications.

Upon developing configuration roles, make sure your methods of granting access rights to metadata objects do not allow creation of roles granting access to object fields and not the object itself. Otherwise, it causes access rights issues at the deployment stage. Users might be granted access to all metadata object attributes if such roles are assigned to them.

  1. Select the "Set rights for new objects" check box for the FullAccess role only.
  2. When you add new roles, select the "Set rights for attributes and tabular sections by default" check box and clear the "Independent rights of subordinate objects" check box.
  3. If you need to assign rights to specific fields of metadata objects in a role (view, edit attributes, tabular sections, dimensions, commands, and other without granting rights to the object itself), preliminary take the following actions. In the role, select the "Independent rights of subordinate objects" check box and clear the "Set rights for attributes and tabular sections by default" check box. Also clear access rights to all attributes and tabular sections.
  4. Whenever you add new objects or fields of existing objects in a configuration, configure access rights to these objects and fields in the respective roles.

Example of granting access rights in the AddEditContactInfoKinds role:

 

© 2020 1C INTERNATIONAL LLC www.1Ci.com Support policy