Column Access Modifier Registry entry
Modify the default Column Access values based on data found in the current record.
The Column Access Modifier Registry entry is used to modify the default Column Access values based on data found in the current record.
Usage
This Registry entry can be assigned to users and groups:
Key | User | User | Group | Group | Group | Group |
---|---|---|---|---|---|---|
Key 1 | User
|
User
|
Group
|
Group
|
Group
|
Group
|
Key 2 | user | user | group | group | Default
|
Default
|
Key 3 | Table
|
Table
|
Table
|
Table
|
Table
|
Table
|
Key 4 | table | Default
|
table | Default
|
table | Default
|
Key 5 | Column Access Modifier
|
|||||
Key 6 | column | |||||
Key 7 | value | |||||
Value | settings |
User
|
user | Table
|
table | Column Access Modifier
|
column | value | settings |
User
|
user | Table
|
Default
|
Column Access Modifier
|
column | value | settings |
Group
|
group | Table
|
table | Column Access Modifier
|
column | value | settings |
Group
|
group | Table
|
Default
|
Column Access Modifier
|
column | value | settings |
Group
|
Default
|
Table
|
table | Column Access Modifier
|
column | value | settings |
Group
|
Default
|
Table
|
Default
|
Column Access Modifier
|
column | value | settings |
where:
column |
is the back-end name for a field to be consulted to look for a matching value. |
||||||||||||||||||||
value |
is a case insensitive match (i.e. patterns / wildcards are not allowed, unlike with the Security|Update Registry entry). The value is checked against the complete contents of column. If column is a table of values, each entry in the table is tested. If one matches, the Registry entry applies. Values of |
||||||||||||||||||||
settings |
is a semicolon separated list of assignments to columns that is applied if there is a match of the data in column with the value query. The format of settings is: column where: |
||||||||||||||||||||
|
When using -dv
permissions (-dvDisplay
, -dvEdit
, -dvInsert
and -dvQuery
) to hide columns in the
- Title: (Person Details)
- First: (Person Details)
- Middle: (Person Details)
- Last: (Person Details)
- Suffix: (Person Details)
- Other Names: (Person Details)
Applying -dvDisplay
to Title: (Person Details) will hide all fields in the Person Details group of fields.
Note: Setting -duReplace
on a column does not guarantee that users are unable to perform a Global Replace on that column, and in some circumstances a -duReplace
permission set on a column in a record will be ignored when a Global Replace is performed.
Permissions assigned by the Column Access Modifier Registry entry affect operations in the Windows client but Global Replace is a server-side operation and the Texpress server is ignorant of column level permissions set in the client.
When defining a Global Replace, a list of fields is presented to the user in the Substitution box: the list of fields that displays in the Substitution box depends on whether the -duReplace
permission has been set on a column in the current record. In other words, the Windows client determines which fields will display in the list based on the permissions set on columns in the current record:
- If the
-duReplace
permission has been set on a column in the current record, the field will not display in the list of fields on which a substitution can be performed and it will not therefore be possible to perform a substitution on that column in any record. - If the
-duReplace
permission has not been set on a column in the current record, the field will display in the list of fields on which a substitution can be performed and it will be possible to perform a substitution on that column. However, as has been noted, Global Replace is a server-side operation and the Texpress server is ignorant of column level permissions set in the client: this means that the substitution will be performed on the column in every record even if the-duReplace
permission has been set on it.
Examples
For this example, we want to ensure the current location field cannot be updated for deaccessioned objects, i.e. we want to remove the duEdit
permission where the object status is deaccessioned
. A suitable entry is:
Key | Setting |
---|---|
Key 1 | Group
|
Key 2 | Default
|
Key 3 | Table
|
Key 4 | ecatalogue
|
Key 5 | Column Access Modifier
|
Key 6 | TitObjectStatus
|
Key 7 | Deaccessioned
|
Value | LocCurrentLocation=-duEdit
|
Now when deaccessioned objects are displayed, the current location field will be grCurator
.
Unlike the Security|Update Registry entry, where changes are applied when a record is saved, Column Access Modifier entries are applied immediately. If the content of a column is changed and it matches an entry, the entry is applied at once. Also, after applying any Column Access Modifier entries, any column affected by previous changes but not updated with the current changes will be reset to its default setting (as defined by the Column Access Registry setting).
In this next example, we want members of group Student to be able to change the Notes field for records that are not deaccessioned (in other words, if the object status changes to deaccesioned
, members of group Student should no longer be able to edit the Notes field). In order to provide this setting the default Column Access settings must have duEdit
enabled for group Student. The Registry entries required are:
Key | Setting |
---|---|
Key 1 | Group
|
Key 2 | Student
|
Key 3 | Table
|
Key 4 | ecatalogue
|
Key 5 | Column Access
|
Key 6 | NotNotes
|
Value | dvQuery;dvDisplay;dvEdit;dvInsert;duEdit;duInsert;duQuery;duReplace
|
Key | Setting |
Key 1 | Group
|
Key 2 | Student
|
Key 3 | Table
|
Key 4 | ecatalogue
|
Key 5 | Column Access Modifier
|
Key 6 | TitObjectStatus
|
Key 7 | Deaccessioned
|
Value | NotNotes=-duEdit
|
The first entry sets the default permissions for the column NotNotes. Notice that duEdit
is enabled by default. This allows members of group Student to change the contents of the field.
The second entry modifies the default settings to turn off duEdit
where the object is deaccessioned.
The above entries show how the Column Access Modifier Registry entry may be used with the Column Access Registry entry to provide a predicable set of permissions for all object status values.
In this last example we disable editing for all users in group Curator of the Other Titles field until a value is entered into the Title field. The restriction is to apply when creating records as well as modifying records. The following entry could be used:
Key | Setting |
---|---|
Key 1 | Group
|
Key 2 | Curator
|
Key 3 | Table
|
Key 4 | ecatalogue
|
Key 5 | Column Access Modifier
|
Key 6 | TitMainTitle
|
Key 7 | NULL
|
Value | TitOtherTitles=-duEdit:-duInsert
|
You may have been tempted to use the following entries:
Key | Setting |
---|---|
Key 1 | Group
|
Key 2 | Curator
|
Key 3 | Table
|
Key 4 | ecatalogue
|
Key 5 | Column Access Modifier
|
Key 6 | TitMainTitle
|
Key 7 | NULL
|
Value | TitOtherTitles=-duEdit:-duInsert
|
Key | Setting |
Key 1 | Group
|
Key 2 | Curator
|
Key 3 | Table
|
Key 4 | ecatalogue
|
Key 5 | Column Access Modifier
|
Key 6 | TitMainTitle
|
Key 7 | NOT NULL
|
Value | TitOtherTitles=+duEdit:+duInsert
|
to ensure that users can edit the Other Titles field if the main title is filled. The second Registry entry forces the edit and insert privileges to be enabled even if the default Column Access settings do not allow it. It may be your intention to have this behavior, however the original brief only stipulated that edit and insert permissions should be disabled for other titles if the main title is empty. It is not expressed what the permissions should be if the main title is filled. Another way of writing the second set of Registry entries is:
Key | Setting |
---|---|
Key 1 | Group
|
Key 2 | Curator
|
Key 3 | Table
|
Key 4 | ecatalogue
|
Key 5 | Column Access
|
Key 6 | TitOtherTitles
|
Value | dvQuery;dvDisplay;dvEdit;dvInsert;duEdit;duInsert;duQuery;duReplace
|
Key | Setting |
Key 1 | Group
|
Key 2 | Curator
|
Key 3 | Table
|
Key 4 | ecatalogue
|
Key 5 | Column Access Modifier
|
Key 6 | TitMainTitle
|
Key 7 | NULL
|
Value | TitOtherTitles=-duEdit:-duInsert
|
In this case the default column permissions enable edit and insert privileges, while the second Registry entry disables edit and insert if the main title is empty. If the main title is filled, the default permissions are applied, hence enabling edit and insert privileges.