
User Access Groups Boolean Operator

For background please read the Role-Based Access Groups (RBAC) guide.

Core Data Structure

We recommend reading our article 'Introducing Gatekeeper' which outlines the data structure.


As shown in the core data structure diagram, Contracts are the base object and are linked to the other core objects: Suppliers, Teams, Categories and Entities. This data structure enables access to Contracts to be provisioned by association.

How is access provisioned using access groups?

We use some basic operations of boolean algebra:

AND (Intersection of data)

The intersection Venn diagram illustrates this. If each circle represents one of the core data objects provisioned in an access group (e.g. an Entity, a Team, a Supplier), the red colour illustrates the Contracts that will be provisioned by association, e.g.:

  • All Contracts linked to the Entity

AND (that are also linked to)

  • All Contracts linked to the Team

AND (that are also linked to)

  • All Contracts linked to the Supplier

Example - Access group for the IT Team BUT only within the EMEA region

The requirement is for the EMEA IT Team to have access to all Contracts that are linked to both the IT Team AND the EMEA Entity (along with the associated Suppliers and Categories).

Access Group would look like this:
Entity = EMEA
Team = IT
Category = <blank>
Supplier = <blank>
Contract = <blank>

In short, by adding core items to the access group, fewer Contracts will be provisioned by association.

Please see our Access Group matrix for AND boolean operator article for further detail.

OR (Union of data)

The union Venn diagram illustrates this. If each circle represents one of the core data objects provisioned in an access group (e.g. an Entity, a Team, a Supplier), the red colour illustrates the Contracts that will be provisioned by association, e.g.:

  • All Contracts linked to the Entity

OR (as well as)

  • All Contracts linked to the Team

OR (as well as)

  • All Contracts linked to the Supplier

Example - Access group for the IT Team

The requirement is for the IT Team to have access to all Contracts linked to the IT Team (along with the associated Suppliers, Categories & Entities).

Access Group would look like this:
Entity = <blank>
Team = IT
Category = <blank>
Supplier = <blank>
Contract = <blank>

In short, by adding core items to the access group, more Contracts will be provisioned by association.

Using the OR operator also provisions access to additional core data items via secondary association - please see our Access Group matrix for OR boolean operator article for further detail.

Summary

By default the boolean operator is OR. To change this, navigate to Settings > Configuration > Role Based Access Groups (RBAC) Configuration, where you will find the AND | OR switcher.

Please note, this is a Gatekeeper wide setting that will impact all access groups (including any created before the boolean operator was changed).
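
The following Python sketch is an added example, not Gatekeeper's code: it models the AND and OR settings over a small constructed set of Contracts and lists what each access group gains when the Gatekeeper-wide operator is OR rather than AND. The `Contract` class, the `provisioned` and `operator_change_impact` functions, the sample data and the treatment of an all-blank group are assumptions, and the secondary association of other core objects under OR is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Contract:
    name: str
    entity: str
    team: str
    category: str
    supplier: str

# Constructed sample data, not taken from any real tenant.
CONTRACTS = [
    Contract("C1", "EMEA", "IT", "Software", "Acme"),
    Contract("C2", "APAC", "IT", "Hardware", "Globex"),
    Contract("C3", "EMEA", "HR", "Payroll", "Initech"),
    Contract("C4", "APAC", "HR", "Recruitment", "Acme"),
]

def provisioned(group, operator, contracts=CONTRACTS):
    """Names of the contracts a group provisions by association.

    group maps a core object type to one value; blank entries are ignored.
    Assumption: a group with every field blank provisions nothing.
    """
    if operator not in ("AND", "OR"):
        raise ValueError(f"unknown operator: {operator!r}")
    criteria = {field: value for field, value in group.items() if value}
    if not criteria:
        return set()
    combine = all if operator == "AND" else any  # intersection vs union
    return {
        c.name for c in contracts
        if combine(getattr(c, field) == value for field, value in criteria.items())
    }

def operator_change_impact(groups, contracts=CONTRACTS):
    """Per group, the contracts visible under OR but not under AND."""
    return {
        name: provisioned(g, "OR", contracts) - provisioned(g, "AND", contracts)
        for name, g in groups.items()
    }

# The two access groups from the examples above (hypothetical group names).
GROUPS = {
    "EMEA IT": {"entity": "EMEA", "team": "IT", "category": None, "supplier": None},
    "IT": {"entity": None, "team": "IT", "category": None, "supplier": None},
}

if __name__ == "__main__":
    for name, extra in operator_change_impact(GROUPS).items():
        print(f"{name}: gains {sorted(extra) or 'nothing'} when the setting is OR")
```

A group with a single populated field resolves to the same Contracts under either operator; only groups with two or more populated fields change when the setting is switched.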

During on-boarding, we will discuss this with you to help you choose the right setting for your setup. Should you wish to change this at a later date, we recommend you contact us to support you with this initiative.