Data access control via target object and security role

Through the DataControl object it is possible to control data access for a target user(s) for a given object connected to the target by checking if the user(s) belongs to a given role.

For example, if we want to limit access for the captain of a vessel to only be able to view voyages of their vessel, a DataControl object like this has to be posted:

{
    "matcherTarget": "User",
    "matcherAttributeTarget": "key",
    "objectName": "Voyage",
    "attribute": "voyageHeader.vesselCodes.masterUser",
    "dataControlRoleValues":[
    	{"role": "MASTER_ONLINE_VESSEL"}
    ]
}

matcherTarget defines the Dataloy object that has to be used as target object
matcherAttributeTarget defines the attribute in the matcherTarget object that has to be used against the attribute of the object (objectName)
objectName the Dataloy object that has to be applied the access control
attribute the attribute name that links the Dataloy object with the target object
dataControlRoleValues list of SecurityRole that the DataControl will be applied

In the above example if an User that belong to the SecurityRole "MATER_ONLINE_VESSEL" make a query to the endpoint Voyage, the server will return only the voyages that has voyageHeader.vesselCodes.masterUser = {the user that made the query}

PreviousData access control via target object NextData access control at object level

Was this helpful?