Manage record access policy rules

Overview

This page describes how to create, edit, and delete rules from a record access policy via the webapp.

Rules can also be managed via the API. See the Skedulo Lens API Reference Guide and the developer guidefor more information.

View a policy’s rules

You can view a policy’s rules by doing the following actions:

  1. On the Settings > Record access policies page, click the name of the record access policy you want to view. The policy details page displays.
  2. Click the Rules tab. A list of the policy’s rules displays.
  3. To see the rules’ filter (the EQL query) in the table, click Columns /> Filter, and then click Confirm.

Create a rule

To create a rule, do the following:

  1. Navigate to the policy to which you want to add a rule.
  2. Click the Rules tab.
  3. Click Create rule.
  4. Use the table that follows to configure the fields in the Create rule page.
  5. Click Save.
Field Description
Rule description A text description that makes it easy to identify the rule’s purpose.
Object type The data object that the rule must apply to, for example, if the rule pertains to accessing job records, then the object type would be Job. This field also supports a hasLookup:<lookup name> value.
Filter records The filter, written in EQL, that must be applied to the object data to limit what is accessible. For example, if the rule limits all job records that are pending dispatch, the filter would specify this. See the EQL documentation for more information on how to write and use these filters for the Skedulo data model.
Access type  Controls how the filter applies to the object’s data. If set to deny, then only data that passes the filter expression will be returned. When an object has a rule with access type deny in effect, a rule with access type allow can be added to override it if the allow filter expression passes.
Roles excluded Users with a role listed in this field will be exempt from the rule. Note that users with the administrator role or a role containing the “View all data” permission are exempt from all record access policies.
Permissions excluded  Users that have a role with any of the permissions in this field will be excluded from the rule.

Edit a rule

To edit a record access policy rule, do the following:

  1. Navigate to the policy for which you want to edit a rule.
  2. Click the Rules tab.
  3. Click the name of the rule you want to edit. The Edit rule page displays. The Edit rule page
  4. Make the required changes and then click Save. Success notification displays.

Delete a rule

To delete a rule, do the following:

  1. Navigate to the policy from which you want to delete a rule.
  2. Click the Rules tab.
  3. Click the checkbox to select the rule to delete. The Delete and Deselect all options display.
  4. Click Delete.
  5. To confirm the deletion, click Yes, or click Cancel to return to the Rules tab without deleting the rule.