This article provides details on the Boolean Operator for Role Based Access Groups.
Estimated Read Time: 5 minutes
For background, see Role-Based Access Groups (RBAC).
Core Data Structure Overview
As shown in the core data structure diagram, Contracts are the base object and are linked to the other core objects: Suppliers, Teams, Categories and Entities. This data structure enables access to contracts to be provisioned by association.

Boolean Operators
The boolean operator determines how access groups provision objects to users:
AND (Intersection of data)
For the AND operator, a contract must match all selected conditions to be provisioned.
In the Venn diagram, each circle represents a different core data object provisioned in an RBAC group, such as Entity, Team, and Supplier. The red-shaded intersection represents the contracts that meet all these conditions:
- The contract is linked to the Entity
- AND it is also linked to the Team
- AND it is also linked to the Supplier
Only contracts that meet all three conditions will be accessible. This makes AND a more restrictive option, as fewer contracts will qualify.
Example - IT Team Access Restricted to the EMEA Region
Requirement: The IT Team in the EMEA region should only have access to contracts that are both linked to:
- The IT Team
- AND the EMEA Entity
The AND operator ensures they can only see contracts that match both conditions, along with their associated suppliers and categories.
Access Group Configuration:
- Entity = EMEA
- Team = IT
- Category = (not specified)
- Supplier = (not specified)
- Contract = (not specified)
By defining both Entity and Team, only contracts meeting both conditions will be accessible.
When the AND operator is used, the more objects you add to an access group, the fewer contracts will be provisioned.
See our Access Group matrix for AND boolean operator article for further detail.
OR (Union of data)
For the OR operator, a contract will be provisioned if it matches any of the selected criteria.

In this Venn diagram, the red area highlights the contracts that will be accessible based on any of these associations:
- All contracts linked to the Entity
- OR all contracts linked to the Team
- OR all contracts linked to the Supplier
This makes the OR operator less restrictive than the AND operator.
Example - Access Group for the IT Team
Requirement: Users in this group should have access to all contracts that are either:
- Linked to the IT Team, OR
- Categorised under Software, regardless of the team.
Access Group Configuration:
- Entity = (not specified)
- Team = IT
- Category = Software
- Supplier = (not specified)
- Contract = (not specified)
Because the OR operator is used, this configuration provides access to:
- All contracts linked to the IT Team (even if they are not Software-related)
- All contracts categorised as Software (even if they are managed by other teams)
This means a contract does not need to be linked to both IT and Software - it just needs to match one of these conditions to be visible.
When the OR operator is used, adding more objects to an access group will provision more Contracts by association.
Using the OR operator also provisions access to additional core data items via secondary association - see Access Group matrix for OR boolean operator for further detail.
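The AND and OR behaviour described above, modelled as an added example (an illustration written for this article, not Gatekeeper's code). The contract data, field names and the `provisioned` helper are constructed; the model assumes one value per object on each contract, ignores secondary association, and assumes a group with nothing specified provisions nothing.

```python
from dataclasses import dataclass

# The four criteria an access group can set in this model (assumed names).
DIMENSIONS = ("entity", "team", "category", "supplier")

@dataclass(frozen=True)
class Contract:
    name: str
    entity: str
    team: str
    category: str
    supplier: str

# Constructed sample data, not taken from any real tenant.
CONTRACTS = [
    Contract("C1", "EMEA", "IT", "Software", "Acme"),
    Contract("C2", "EMEA", "Legal", "Software", "Acme"),
    Contract("C3", "APAC", "IT", "Hardware", "Globex"),
    Contract("C4", "APAC", "Finance", "Services", "Initech"),
    Contract("C5", "EMEA", "IT", "Hardware", "Globex"),
]

def provisioned(contracts, group, operator):
    """Return the names of contracts an access group provisions.
    A dimension that is missing or None is "(not specified)" and is ignored."""
    if operator not in ("AND", "OR"):
        raise ValueError(f"unknown operator: {operator!r}")
    criteria = {d: v for d, v in group.items() if v is not None}
    unknown = set(criteria) - set(DIMENSIONS)
    if unknown:
        raise ValueError(f"unknown dimensions: {sorted(unknown)}")
    if not criteria:
        # Assumption: fail closed. all() over nothing is True, so without
        # this guard an empty AND group would match every contract.
        return set()
    combine = all if operator == "AND" else any  # intersection vs union
    return {c.name for c in contracts
            if combine(getattr(c, d) == v for d, v in criteria.items())}

if __name__ == "__main__":
    emea_it = {"entity": "EMEA", "team": "IT"}
    it_or_software = {"team": "IT", "category": "Software"}
    print("AND", sorted(provisioned(CONTRACTS, emea_it, "AND")))
    print("OR ", sorted(provisioned(CONTRACTS, it_or_software, "OR")))
    # Contracts that switching the same group from AND to OR would newly expose:
    print("widened", sorted(provisioned(CONTRACTS, emea_it, "OR")
                            - provisioned(CONTRACTS, emea_it, "AND")))
```

Evaluating the same criteria under both operators before changing a group shows exactly which contracts the switch would add to a user's view.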
Additional Reading
- Introducing Gatekeeper - outlines the core data structure in further detail and provides explanations of each object.
- Role-Based Access Controls (RBAC) - gives an overview of Role Based Access Controls and how to configure the operator.
- Create an Access Group (RBAC) - provides steps on creating an access group and assigning it to a user.