Use relation security modes to control how security rules
for states are applied to relation attributes. You can include relation
attributes among the Modifiable Attributes in
security rules for states. Being able to modify a relation attribute
means that a user can associate and disassociate CRs on dialog boxes
that have the relation attribute.
For example, suppose you are defining parent and child CRs with
the following characteristics:
- A parent CR can create or delete a child CR relationship (associate
or disassociate itself from a child CR). It uses the cr_child relation
attribute when the parent CR is in the assigned state.
- A child CR can create or delete a parent CR relationship (associate
or disassociate itself from a parent CR). It uses the has_cr_child relation
attribute when the child CR is in the entered_child_cr state.
- The user must have the assigner privilege to
modify a CR in the assigned state, and the cr_child relation
attribute is included in Modifiable Attributes.
- The user must have the assigner_child_cr privilege
to modify a CR in the entered_child_cr state, and
the has_cr_child relation attribute is included in Modifiable
Attributes.
In this example, the relation security modes provide the following
security options:
- Do not apply relation security
Users
can create and delete relationships to child CRs from parent CRs in
any state, regardless of the security rules. This setting is the default
setting.
- Apply relation security to both objects
Users
can create and delete relationships to child CRs from parent CRs only
if the security rules for both the parent and child CRs are satisfied.
- Apply relation security to source object only
Users
can create and delete relationships to child CRs from parent CRs only
if the security rules for the parent CR are satisfied.
- Apply relation security to the destination object only
Users
can create and delete relationships to child CRs from parent CRs only
if the security rules for the child CR are satisfied.