Basics about access functions in an access role
An ACE user is given an access role containing access functions. The access functions define exactly which ACE functions the user is able to utilise. An overview of the Access roles window, and the full description of how to manage an access role and its access functions, are found in Basics about access roles.
An access function consists of two parts:
- The so-called operation. What the user is allowed to do.
- Modify
- Change configurations of objects.
If you are entitled to
Modify user
, you can e.g. change the surname and first name in a user accounts. - Own
- Create and delete objects, as well as modify as described above.
- View
- View objects, i.e. to see their occurrence and the configurations associated with the objects.
If you are entitled to e.g. View user, you can see a person’s surname and first name but not change the names in the user account.
- Execute
- Carry out the function that object represents. Execute is quite different from Own and Modify. The Execute operation can only be combined with object types that in themselves represent functional possibilities in ACE. See example below.
- The so-called object type. Where and what the user is allowed to Modify, Own, View and Execute.
All described in The list of all access functions.