ACL (Access Control List)
The ACL tab lets you define granular, area-specific permissions that override global defaults. This ensures that users in a particular Area (for example, "Warehouse") have exactly the level of access they need for the collections associated with that workspace.
Go to Areas, select an Area, then click the ACL tab.
Adding an ACL
To create a new set of permissions for this area:
- Click the Add ACL button.
- Fill in the Name, select Auth Collections, and choose the Roles.
- Define the Priority (higher numbers override lower ones).
- Set collection-level permissions in the table below using the Tri-state Checkboxes.
- Click Create.
ACL configuration
Define the scope and priority of the access control rule.
| Setting | Description |
|---|---|
| Name | A descriptive name for this ACL rule (for example, "Manager Read-Only"). |
| Auth Collections | The authentication sources this rule applies to. Supports multiple selections. |
| Roles | The roles that will inherit these permissions. Available roles depend on the selected Auth Collections. Supports multiple selections. |
| Priority | Determines rule precedence. For example, a priority of 3 overrides 2. |
Permission states
The ACL system uses Tri-state Checkboxes to manage complex permission logic. Each click cycles through these states:
| State | Icon | Semantics | Description |
|---|---|---|---|
| Allowed | true | The role/collection is granted explicit access for this action. | |
| Blocked | false | Access is locked. This cannot be overridden by other ACLs for the same role. | |
| Inherited | null | No explicit rule is set here. Access can be overridden by other ACL rules or global defaults. |
Collection permissions
The permissions table lists all collections included in the Area. You can set specific actions for each role/collection combination.
Available actions
Each collection supports the following granular permissions:
| Action | Description |
|---|---|
| List | Ability to see the collection in navigation and lists. |
| Select | Permission to read/view record data. |
| Detail | Access to the individual record detail view. |
| Create | Permission to add new records. |
| Update | Permission to modify existing records. |
| Delete | Permission to remove records. |
| Upload | Ability to upload files/data to the collection. |
| Self Access | Restricts users to only their own records (available if relationWithAuth is configured). |
UI controls
Use the following controls to manage and audit permissions within the ACL table:
| Control | Action | Description |
|---|---|---|
| Relational Viewer | View related collections that might require synchronized permissions. | |
| Edit | Modify the settings and permissions of an existing ACL rule. | |
| Delete | Permanently remove an ACL rule from the Area. |
Use the Header Checkbox next to each action name (List, Select, etc.) to bulk-toggle permissions across all collections in the list.
Related
- Areas overview — Overview of all area configuration options
- General configuration — Define which collections are available in the Area
- Menu — Customize navigation for the Area
- Roles — Manage the roles referenced in ACL rules