🖍️
Dataloy VMS API Documentation
API Release 8.5
API Release 8.6API Release 8.5(Old) Dataloy VMS API Documentation
API Release 8.5
API Release 8.6API Release 8.5(Old) Dataloy VMS API Documentation
  • Dataloy VMS API
  • Dataloy Rest API
    • What is it?
    • Authentication / Authorization
    • Getting Started
    • Data Model
    • Filtering
    • Sorting
    • Pagination
    • Adjust Number of Fields to be Returned from a Request
    • Webhooks
      • Webhook example
      • Expressions Made Easy
      • Webhooks - New functionalities
    • Master data Objects
    • Attachments
    • Audit Log
  • User Guides
    • Accounting Integration API
      • Invoicing
      • Payments/Receipts
      • Voyages
      • Business Partners
      • Exchange Rates
      • Bunker Transactions
      • Actuals
      • Autopost Invoices
      • Accruals
    • Schedule API
    • Bunker Order Integration API
    • Service Order Integration API
    • Vessel Report
      • Release 8.0
      • Release 7.3 - 7.12
      • Release 7.0 - 7.2
      • Release 6.29 - 6.46
      • Legacy version (6.26 - 6.28)
      • Vessel report master data
    • Bunker Consumption API
    • Left join in API queries
    • Enterprise functionalities
      • Versioning
      • Endpoint access control
      • Data access control via target object
      • Data access control via target object and security role
      • Data access control at object level
      • Fields access control
      • Alert Scripts
      • Websockets
      • Bulk Deletion
      • Copy objects
      • OR and AND operators in API queries
      • Sub queries
      • XML Transformation
      • Expressions
      • Bulk Update
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. User Guides
  2. Enterprise functionalities

Data access control via target object and security role

Through the DataControl object it is possible to control data access for a target user(s) for a given object connected to the target by checking if the user(s) belongs to a given role.

For example, if we want to limit access for the captain of a vessel to only be able to view voyages of their vessel, a DataControl object like this has to be posted:

{
    "matcherTarget": "User",
    "matcherAttributeTarget": "key",
    "objectName": "Voyage",
    "attribute": "voyageHeader.vesselCodes.masterUser",
    "dataControlRoleValues":[
    	{"role": "MASTER_ONLINE_VESSEL"}
    ]
}

  • matcherTarget defines the Dataloy object that has to be used as target object

  • matcherAttributeTarget defines the attribute in the matcherTarget object that has to be used against the attribute of the object (objectName)

  • objectName the Dataloy object that has to be applied the access control

  • attribute the attribute name that links the Dataloy object with the target object

  • dataControlRoleValues list of SecurityRole that the DataControl will be applied

In the above example if an User that belong to the SecurityRole "MATER_ONLINE_VESSEL" make a query to the endpoint Voyage, the server will return only the voyages that has voyageHeader.vesselCodes.masterUser = {the user that made the query}

PreviousData access control via target objectNextData access control at object level

Was this helpful?