IBM RegTech Ideas Portal

 Welcome!

 

Our team welcomes any feedback and suggestions you have for improving our offerings. This forum allows us to connect your product improvement ideas with IBM product and engineering teams.

 

For product documentation, see Knowledge Center.
Create and View Support Cases and Use the Discussion Forum here

 

Reminder: This is not the place to submit defects or support needs, please use normal support channel for these cases

 

The shorter URL for this site is:   http://ibm.biz/WFS-Ideas

IBMers, please visit the WFSS Internal Ideas portal https://ibm.biz/WFS-Internal-Ideas

 

note: The IBM ICM IDEAS Portal is no longer available at this location. If you have reached this page, please look for a new link in the Varicent Administrator. Direct links are found under the "?" in the upper right corner.
A period of transition is likely to impact this service, while ICM becomes Varicent. Please contact Varicent support if you have additional challenges or concerns.

Granting Navigational Access instead of full Read access to Business Entities above Security Context Point

Consider the below Business Entity hierarchy:

Level 0 BE -> Level 1 BE -> Level 2 BE -> Level 3 BE

If a users security context point is /Level 0 BE/Level 1 BE/Level 2 BE/Level 3 BE, then the user can still access the details of all the top level Business Entities in the primary parent path of 'Level 3 BE'. Instead of granting full READ access to the Parent BEs, wouldn't it be better to just provide Navigational access where you can navigate from Level 0 BE to Level 3 BE but the user cannot view details of Level 0 BE through Level 2 BE.

Yes, we can apply Field Level Security Rules, but just granting navigational access would be a much cleaner approach as there is a maintenance involved (to the rules) when new fields are added.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jun 8 2020
  • Reviewing
Component Platform Features
Priority Medium - Important
  • Attach files
  • Admin
    JOHN Lundgren commented
    9 Jun 04:03pm

    Thank you for submitting this Idea!

    The IBM team is evaluating this enhancement request. A decision or request for more information will be provided within 90 days.