Basics about access functions in an access role

An ACE user is given an access role containing access functions. The access functions define exactly which ACE functions the user is able to utilise. An overview of the Access roles window, and the full description of how to manage an access role and its access functions, are found in Basics about access roles.

An access function consists of two parts:

1. The so-called operation. What the user is allowed to do.

   Modify

   Change configurations of objects.

   If you are entitled to Modify user, you can e.g. change the surname and first name in a user accounts.

   Own

   Create and delete objects, as well as modify as described above.

   View

   View objects, i.e. to see their occurrence and the configurations associated with the objects.

   If you are entitled to e.g. View user, you can see a person’s surname and first name but not change the names in the user account.

   Execute

   Carry out the function that object represents. Execute is quite different from Own and Modify. The Execute operation can only be combined with object types that in themselves represent functional possibilities in ACE. See example below.

2. The so-called object type. Where and what the user is allowed to Modify, Own, View and Execute.

All described in The list of all access functions.