Mitratech Success Center

Access Control Lists Inheritance

Access Control List (ACL) inheritance refers to the Allow, Deny or Inherited settings that control whether Users, Roles and Groups can access Data Definitions, Users, Roles and Groups.

Permissions for a particular User, Role or Group are tri-state:

  • Allow: Gives the item permission to administer that area of functionality.
  • Deny: Refuses the item permission to administer that area of functionality.
  • Inherited: Allows the item to inherit its permissions from a Parent.

Item is a User, Group or Role

Note: Item refers to the User, Group or Role to which you want to give another User, Group or Role access.

For a User, Group or Role, the operations which can be set to Allow, Deny or Inherited are:

  • Read
  • Update
  • Delete
  • Change password (Not available for Roles)
  • Set access control

These operations are described in:

Table 154, “Terminology: Group Access Control List (ACLs)”
Table 158, “Terminology: Role Access Control List (ACLs)”
Table 161, “Terminology: User Access Control List (ACLs)”

  1. The access settings for a User to an operation on the Item (User, Group or Role) are calculated:
    i. Check for Explicit User Allow/Deny.
    ii. Check for Explicit User Role(s) Deny.
    iii. Check for Explicit User Role(s) Allow.
    iv. Check for Explicit Group(s) Deny.
    v. Check for Explicit Group(s) Allow.
    vi. Check for Explicit Group(s) Role Deny.
    vii. Check for Explicit Group(s) Role Allow.
    viii. Steps iv to vii are repeated for Parents of the Parent groups (until there are no more Parent groups).
  2. If no explicit access permissions are found, repeat step 1 with the Roles to which the item belongs.
  3. If no explicit access permissions are found, repeat step 1 with the Groups to which the item belongs.
  4. If no explicit access permissions are found, repeat step 1 with the Parents of the Groups to which the item belongs.
  5. If no explicit permissions are found, then Deny access for the User to the item.

Item is a Data Definition

For a Data Definition, the operations which can be set to Allow, Deny or Inherit can be seen in Table 17, “Terminology: Data Definition Access Control List (ACLs)”.

Note: Item refers to the User, Group or Role to which you want to give another User, Group or Role access.

  1. The access settings for a User to a Data Definition are calculated:
    i. Check for Explicit User Allow/Deny for the operation.
    ii. Check for Explicit User Role(s) Deny for the operation.
    iii. Check for Explicit User Role(s) Allow for the operation.
    iv. Check for Explicit Group(s) Deny for the operation.
    v. Check for Explicit Group(s) Allow for the operation.
    vi. Check for Explicit Group(s) Role Deny for the operation.
    vii. Check for Explicit Group(s) Role Allow for the operation.
  2. Steps i to vii are repeated for the Category and Parent Categories to which the Data Definition is assigned, until there are no more Parent Categories.
  3. If no explicit permissions are found, then Deny access for the User to the operation on the Data Definition.
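
The Data Definition procedure above, sketched in Python as an added example (not Mitratech's code). It assumes the first explicit setting found decides the result; the names `Target`, `User`, `check_target` and `resolve`, the step labels in the return value and the sample ACLs are all constructed for illustration.

```python
from dataclasses import dataclass, field

ALLOW, DENY, INHERITED = "Allow", "Deny", "Inherited"

@dataclass
class Target:  # a Data Definition or a Category; parent is the Category above it
    name: str
    acl: dict = field(default_factory=dict)  # (kind, principal, operation) -> setting
    parent: "Target | None" = None

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)
    groups: dict = field(default_factory=dict)  # Group name -> Roles held by that Group

def explicit(target, kind, names, op):
    """Explicit settings for these principals; Inherited counts as not set."""
    return {target.acl.get((kind, n, op), INHERITED) for n in names} - {INHERITED}

def check_target(user, target, op):
    """Steps i to vii against one ACL. Returns (setting, step) or None."""
    group_roles = [r for roles in user.groups.values() for r in roles]
    tiers = [("user", [user.name], "i", "i"),
             ("role", user.roles, "ii", "iii"),
             ("group", list(user.groups), "iv", "v"),
             ("role", group_roles, "vi", "vii")]
    for kind, names, deny_step, allow_step in tiers:
        found = explicit(target, kind, names, op)
        if DENY in found:  # within a tier, Deny is checked before Allow
            return DENY, deny_step
        if ALLOW in found:
            return ALLOW, allow_step
    return None

def resolve(user, target, op):
    """Start at the Data Definition, then its Category and Parent Categories."""
    while target is not None:
        if hit := check_target(user, target, op):
            return (*hit, target.name)
        target = target.parent
    return DENY, "default", None  # nothing explicit anywhere: Deny

# Constructed sample: Data Definition "Invoice" in Category "Finance", child of "All".
all_cat = Target("All", {("group", "Staff", "Read"): ALLOW})
finance = Target("Finance", {("role", "Auditor", "Read"): ALLOW,
                             ("role", "Contractor", "Read"): DENY}, all_cat)
invoice = Target("Invoice", {("group", "Staff", "Update"): ALLOW,
                             ("role", "Temp", "Update"): DENY}, finance)
alice = User("alice", ["Auditor", "Contractor"], {"Staff": ["Temp"]})
```

On the sample, `resolve(alice, invoice, "Update")` returns Allow at step v, because the Group Allow is reached before the Deny set on the Group's Role. `resolve(alice, invoice, "Read")` returns Deny at step ii on the Finance Category, which is reached before the Allow on the parent Category.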