Use relation security modes to control how security rules for states are applied to relation attributes. You can include relation attributes among the Modifiable Attributes in security rules for states. Being able to modify a relation attribute means that a user can associate and disassociate CRs on dialog boxes that have the relation attribute.
For example, suppose you are defining parent and child CRs with the following characteristics:
- A parent CR can create or delete a child CR relationship (associate or disassociate itself from a child CR). It uses the cr_child relation attribute when the parent CR is in the assigned state.
- A child CR can create or delete a parent CR relationship (associate or disassociate itself from a parent CR). It uses the has_cr_child relation attribute when the child CR is in the entered_child_cr state.
- The user must have the assigner privilege to modify a CR in the assigned state, and the cr_child relation attribute is included in Modifiable Attributes.
- The user must have the assigner_child_cr privilege to modify a CR in the entered_child_cr state, and the has_cr_child relation attribute is included in Modifiable Attributes.
In this example, the relation security modes provide the following security options:
- Do not apply relation security
Users can create and delete relationships to child CRs from parent CRs in any state, regardless of the security rules. This setting is the default setting.
- Apply relation security to both objects
Users can create and delete relationships to child CRs from parent CRs only if the security rules for both the parent and child CRs are satisfied.
- Apply relation security to source object only
Users can create and delete relationships to child CRs from parent CRs only if the security rules for the parent CR are satisfied.
- Apply relation security to the destination object only
Users can create and delete relationships to child CRs from parent CRs only if the security rules for the child CR are satisfied.