Event Rule Permissions

Permission to manage various aspects of the Event Rule system must be explicitly given to delegated administrators. (Server and Site administrators have all permissions to Event Rules.) Granular Event Rule permissions allow the EFT administrator to control which administrators have control over certain objects. If you change the Event Rule permissions for an administrator account while the administrator user is logged in to the administration interface, the user will have to log out and then log back in to effect the changes.

For delegated administrators to have Allow permission for ALL Event Rules, the Server administrator must configure permissions at the Event Rules node. To assign permissions only on certain Event Rule folders or only on certain Event Rules, right-click the folder or Event Rule, then click Permissions.

To manage permissions

  1. Log in as the Server administrator.

  2. Right-click the Event Rules node, an Event Rules folder, an Event Rule, the Advanced Workflows node, or a Workflow, then click Permissions.

  3. The Permissions dialog box appears. (The text in the title bar of the dialog box changes depending on which item in the tree you clicked.)

  4. Click Add. Only Site and Event Rule administrators are present in the dialog box.

  5. Click the administrator(s) for whom you want to add/edit permissions, then click OK.

  6. The tristate check box for each permission has the following meanings:

  7. Select the check boxes of the permissions that you want to Allow or Deny.

  8. Click OK.

  9. The permissions assigned at the node level and at the folder level are inherited by the items in the node or folder. You can then, as needed, edit the permissions for specific Event Rules, Workflows, or Event Rule folder.

Container Permissions

Permissions can be inherited from Container to Folder to Object. The table below describes the granular nature of these permissions.

Permission

Container

Folder

 

Write

Create Folder or Object

Create Object

Update Object

Read

List

List + Show in Container List

Read + Show in Container or Folder List

Delete

None (inheritance only)

Delete this Folder

Delete this Object

Execute

None (inheritance only)

None (inheritance only)

  • Execute Rule

  • Execute via Web-services

Manage permissions

Read and Write Permissions

Read and Write Permissions

Read and Write Permissions

Rename object requires

Write on Container or Folder + Delete on the Object

Rename folder requires

Write on Container + Delete on the Folder

Move rule requires:

Write on destination Container or Folder + Delete on the Rule

Delete non-empty rule folder requires

  • Delete Permission on each containing Rule

  • Administrator will receive “Need to Refresh” error when trying to remove/rename rules for which he/she has no Read Permission (e.g. when deleting non-empty folder containing “invisible” rules).

Reordering rules

  • Requires Delete + Manage Permissions on Container

  • Given an ordered set of Rules {R1, R2, …,  RN}, of which an administrator sees {Ri1, Ri2, …,  RiM}. If the administrator moves the Rule Rij up, it will place the Rule in the complete list just before Rij-1. Move the Rule Rij down is interpreted as move the Rule Rij-1 up.

If an administrator has no Read permission on a Command, they will not be able to

  • See the Command in Choose Command list of Execute Command Action dialog box

  • Assign the Command to the Rule (for example, when applying changes to the Event Rule with the Execute Command Action configured by other administrator)

If an administrator has no Write permission in Command Container, they will not be able to

  • Create Custom Command via Event Rules interface.

If an administrator has no Read permission on a Workflow, they will not be able to

  • See the Workflow in Choose Workflow list of Advanced Workflow Action dialog box.

  • Assign the Workflow to the Rule (for example, when applying changes to the Event Rule with the Advanced Workflow Action configured by other administrator).

If an administrator has no Read permission on a Profile, they will not be able to

  • See the Profile in Choose Profile list of Offload/Download Action wizard.

  • Assign the Profile to the Rule (for example, when applying changes to the Event Rule with the Offload/Download Action configured by other administrator).