• admin

Evaluating the ACL rule tree

Rules are defined by a combination of a condition, a value for that condition, and an access control list (ACL) that grants privileges to accessors.

  • The condition and value identify the set of objects to which the rule applies.

  • The ACL defines the privileges that are granted to users (accessors) specified in the ACL.

IF condition = value is TRUE, THEN apply ACL to object.


Rule Precedence:

Rule precedence for same level rule is from top to bottom in the tree, with the highest rule having greatest precedence and the lowest rule having least precedence.

Rule Execution at same level

Rule precedence for Sub branch rule is from bottom to top in the tree, with the highest rule having least precedence and the lowest rule having greatest precedence.

Sub Branch Rule Execution

Note:

  • Rules higher in the rule tree are more global in nature and apply to all object types.

  • Lower-level rules refine access to more specific objects.

  • Trim rules that do not apply to the object because their conditions are false.


Accessor precedence:

Accessors have a predefined precedence in the system. We can not create or define precedence for accessors. By default, Teamcenter sorts the accessors defined for the rule.


Accessor Precedence