Role Based Access Groups (RBAC)
      Back to home
      1. Knowledgebase
      2. User Management
      3. Role Based Access Groups (RBAC)

      User Access Groups Boolean Operator

      For background please read the Role-Based Access Groups (RBAC) guide.

      Core Data Structure

      We recommend reading our article 'Introducing Gatekeeper' which outlines the data structure.


      As shown in the core data structure diagram, Contracts are the base object that are linked to the other core objects: Suppliers, Teams, Categories and Entities, this data structure enables access to contracts to be provisioned by association.

      How is access provisioned using access groups?

      We use some basic operations of boolean algebra:

      AND (Intersection of data)

      The intersection venn diagram illustrates this. If each circle represents one of the core data objects provisioned in an access group e.g. An: Entity, Team, Supplier, the red colour illustrates the Contracts that will be provisioned by association e.g.:

      • All Contracts linked to the Entity

      AND (that are also linked to)

      • All Contracts linked to the Team

      AND (that are also linked to)

      • All Contracts linked to the Supplier

      Example - Access group for the IT Team BUT only within the EMEA region

      Requirement is for the EMEA IT Team to have access to all Contracts that are both linked to the IT Team AND the EMEA Entity (along with the associated Suppliers and Categories).

      Access Group would look like this:
      Entity = EMEA
      Team = IT
      Category = <blank>
      Supplier = <blank>
      Contract = <blank>

      In short, by adding core items to the access group, less Contracts will be provisioned by association.

      Please see our Access Group matrix for AND boolean operator article for further detail.

      OR (Union of data)

      The union venn diagram illustrates this. If each circle represents one of the core data objects provisioned in an access group e.g. An: Entity, Team, Supplier, the red colour illustrates the contracts that will be provisioned by association e.g :

      • All Contracts linked to the Entity

      OR (as well as)

      • All Contracts linked to the Team

      OR (as well as)

      • All Contracts linked to the Supplier

      Example - Access group for the IT Team

      Requirement is for the IT Team to have access to all Contracts linked to the IT Team (along with the associated Suppliers, Categories & Entities).

      Access Group would look like this:
      Entity = <blank>
      Team = IT
      Category = <blank>
      Supplier = <blank>
      Contract = <blank>

      In short, by adding core items to the access group, more Contracts will be provisioned by association.

      Using the OR operator also provisions access to additional core data items via secondary association - please see our Access Group matrix for OR boolean operator article for further detail.

      Summary

      By default the boolean operator is OR, to change this, navigate to Settings>Configuration>Role Based Access Groups (RBAC) Configuration. Here will be the switcher AND | OR .

      Please note, this is a Gatekeeper wide setting that will impact all access groups (including any created before the boolean operator was changed).

      During on-boarding, we will discuss this with you to help you choose the right setting for your setup.  Should you wish to change this at a later date, we recommend you contact us to support you with this initiative.