Update rbac.md

parent ccfde027
......@@ -53,9 +53,8 @@ Create permissions to read and modify records for the req model in the menu Admi
![els](img/rbac/els.png)
Entity mask are the names of entities that begin with req, Method mask method names that start with s and u (select and update)
Assign the same permissions to the HealthDepartment role.
"Entity mask" are the names of entities that begin with req.
"Method mask" are the methods, names of which start with s and u (select and update).
Reboot the UB server and check if rules are applied correctly.
......@@ -184,13 +183,13 @@ Run the script with the `initialize` command
`ubcli initialize -u admin -p admin -host http://localhost:888 -m RequestList`
If you want the `initialize` script not to execute some js-files, put the symbol _ at the beginning of the file name.
If you want to create a new project with already created users, roles and rights for them, the link is the complete code [here](https://git-pub.intecracy.com/unitybase/samples/blob/master/courses/cityPortal-v4/models/requests/_initialData/030_setRole_navshortcuts.js)
If you want to create a new project with already created users, roles and rights for them, the link to the complete code is [here](https://git-pub.intecracy.com/unitybase/samples/blob/master/courses/cityPortal-v4/models/requests/_initialData/030_setRole_navshortcuts.js)
<a name = 'rls'></a>
# Row level security
So that the user of the department sees only the records addressed to him, you need to configure the rights to read certain records.
In oreder to restrict user of the department to see only the records addressed to him, you need to configure the rights to read certain records.
To be able to associate the system role user and department from the list of applications, you need to add a new attribute to the entity req_department in `req_depart.meta` file, associated with the entity uba_role (system roles)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment