ACL (Access Control List)
The ACL tab allows you to define granular, area-specific permissions that override global defaults. This ensures that users in a particular Area (e.g., "Warehouse") have exactly the level of access they need for the collections associated with that workspace.
Adding an ACL
To create a new set of permissions for this area:
- Navigate to the ACL tab in the Area configuration.
- Click the Add ACL button.
- Fill in the Name, select Auth Collections, and choose the Roles.
- Define the Priority (higher numbers override lower ones).
- Configure collection-level permissions in the table below using the Tri-state Checkboxes.
- Click Create.
ACL Configuration
Define the scope and priority of the access control rule.
View all settings
| Setting | Description |
|---|---|
| Name | A descriptive name for this ACL rule (e.g., "Manager Read-Only"). |
| Auth Collections | The authentication sources this rule applies to. Supports multiple selections. |
| Roles | The roles that will inherit these permissions. Available roles depend on the selected Auth Collections. Supports multiple selections. |
| Priority | Determines rule precedence. For example, a priority of 3 overrides 2. |
Permission States
The ACL system uses Tri-state Checkboxes to manage complex permission logic. Each click cycles through these states:
| State | Icon | Semantics | Description |
|---|---|---|---|
| Allowed | true | The role/collection is granted explicit access for this action. | |
| Blocked | false | Access is locked. This cannot be overridden by other ACLs for the same role. | |
| Inherited | null | No explicit rule is set here. Access can be overridden by other ACL rules or global defaults. |
Collection Permissions
The permissions table lists all collections included in the Area. You can toggle specific actions for each role/collection combination.
Available Actions
Each collection supports the following granular permissions:
| Action | Description |
|---|---|
| List | Ability to see the collection in navigation and lists. |
| Select | Permission to read/view record data. |
| Detail | Access to the individual record detail view. |
| Create | Permission to add new records. |
| Update | Permission to modify existing records. |
| Delete | Permission to remove records. |
| Upload | Ability to upload files/data to the collection. |
| Self Access | Restricts users to only their own records (available if relationWithAuth is configured). |
UI Controls
Use the following controls to manage and audit permissions within the ACL table:
| Control | Action | Description |
|---|---|---|
| Relational Viewer | View related collections that might require synchronized permissions. | |
| Edit | Modify the settings and permissions of an existing ACL rule. | |
| Delete | Permanently remove an ACL rule from the Area. |
Use the Header Checkbox next to each action name (List, Select, etc.) to bulk-toggle permissions across all collections in the list.