Data Entitlements

Data Control Entitlements allow you to set up permissions for who can view, edit, or approve data within a table. Note that this was formerly called "Design Controls"

Table of Contents

Table of Contents
#1.-overview-and-example
#2.-table-level-entitlements
#3.-column-level-entitlements
#4.-row-level-entitlements

1. Overview and Example

1. When viewing a table, click on Data Controls > Entitlements from the left navigation menu (Image 1).

Image 1: Step 1, Entitlements

2. Currently both the table creator and anyone in the Cinchy Administrators group has access to perform any action on any objects. You can give granular entitlements at a Group or a User level, for both viewing and editing access (Image 2).

Image 2: Step 2, An example of Entitlements

3. In the above scenario, John Smith is part of the Developers group. He is able to view all columns via the entitlement to the Developers group, and he is able to edit both the First Name and Last Name column through different entitlements.

2. Table Level Entitlements

There are certain entitlements in the Data Controls menu that apply to the entire table.

2.1 Marketplace

Approving this entitlement enables users to see and serarch for the table in the Marketplace/Homepage.

2.2 Bulk Export

Approving this entitlement enables users to export data from the table via the Manage Data screen (Image 3).

Image 3: Step 2.2 Bulk Export

2.3 Direct Query

Approving this entitlement enables users to query the data from the table directly in the Query Builder (Image 4).

Image 4: Step 2.3 Direct Queries

2.4 Design Table

Approving this entitlement enables users to alter the structure of the table.

This is a builder/administrative function and should not generally be granted to end users.

2.5 Design Controls

Approving this entitlement enables users to change the permissions on a table.

This is a builder/administrative function and should not generally be granted to end users.

3. Column Level Entitlements

There are certain entitlements in the Data Controls menu that apply only to columns.

3.1 View All Columns

Approving this entitlement enables users to view all columns within the table.

Note that this applies to any new columns that are added to the table after providing this permission as well.

3.2 View Specific Columns

This is a drop down where you can select the specific columns you want to grant view access to for users.

3.3 Edit All Columns

Approving this entitlement enables users to edit all columns within the table.

Note that this applies to any new columns that are added to the table after providing this permission as well.

Giving a user edit permission will also give them view permission.

3.4 Edit Specific Columns

This is a drop down where you can select the specific columns you want to grant edit access to for users.

Giving a user edit permission will also give them view permission.

3.5 Approve All Columns

Approving this entitlement enables users to approve all columns within the table. This also allows users to approve Create and Delete requests.

Note that this applies to any new columns that are added to the table after providing this permission as well.

Approve permissions only apply when Change Approvals are enabled.

Giving a user approve permission will also give them view permission.

3.6 Approve Specific Columns

This is a drop down where you can select the specific columns you want to grant approve access to for users.

Approve permissions only apply when Change Approvals are enabled.

Giving a user approve permission will also give them view permission.

3.7 Link Columns

Link columns require both permission to the column within this table, as well as the column in the link column itself.

4. Row Level Entitlements

These are entitlements that apply to specific rows. Used in conjunction with Column Level entitlements this allows for granular cell level entitlements.

4.1 Insert Row

Approving this entitlement enables users to create new rows in the table.

4.2 Delete Row

Approving this entitlement enables users to delete rows in the table.

4.3 Viewable & Editable Row Filter

This is a CQL fragment that applies a filter to which rows will be viewable or editable. Think of the column entitlements and the fragment as a SQL statement applied to the table.SELECT {Edit Selected Columns} WHERE {Editable Row Filter}

4.4 Examples for Row Filter

Most of these examples will be with the editable row filter so it is easy to see the underlying data for comparison. However this can be done for viewable row data as well.

Sample Data

(Image 5)

Image 5: Sample Data

Simple Example

With the following entitlements (Image 6):

• Edit Specific Columns: Age

• Editable Row Filter: [Age] > 30

Image 6: Simple Example

Example with Viewable Data

(Image 7)

• View Specific Columns: First Name, Last Name

• Viewable Row Filter: [End Date] IS NULL OR [End Date] > GetDate()

Image 7: Example with Viewable Data

Layer On Another Entitlement

(Image 8)

• View Specific Columns: All

• Edit Specific Columns: First Name, Last Name, Age

• Viewable Row Filter: [First Name] = 'John'

• Editable Row Filter: [First Name] = 'John'

Image 8: Layer on Another Entitlement

Example for Current User

(Image 9)

Image 9: Example for current user

For the All Users group:

(Image 10)

• View All Columns: Check

• Edit Selected Columns: First Name, Last Name

• Editable Row Filter: [User Account].[Cinchy Id] = CurrentUserId()

Image 10: For the All Users Group

To allow a user to edit certain fields of their own data, you will need an association from a user to the [Cinchy].[Users] table. You can then use the following function to allow edit for that user, where [...] is the chain of link columns to get to the Users table.

[...].[Cinchy Id] = CurrentUserId()