Access Control
For access control, you can automatically create, update, and delete various security-related components. You can use MDL to configure this programmatically by writing code that retrieves information from a Vault and applies the changes.
This is useful when it's necessary to generate or manage a large number of security components within a Vault or between Vaults. If you only need to modify a single object or document's security, use the Admin UI functionality. This example walks through managing the Atomicsecurity component to hide system fields, such as Created Date and Last Modified Date, from users in the Viewer role while granting Read access on system fields for all other roles. We will configure this same behavior across all objects and lifecycle states and modify the following on a single object:
component_name: You can use any API name and Vault automatically updates the name to a concatenation of object.object_lifecycle.state.
object: The object we're applying Atomic Security to.
object_lifecycle: The object lifecycle we're applying Atomic Security to.
state: The state of the lifecycle we're applying Atomic Security to.
Fieldsecurity: A subcomponent of Atomicsecurity that defines the role (viewer__c), the type (hide__v), and fields (created_date__v, created_by__v, modified_date__v, modified_by__v) it applies to.
RECREATE Atomicsecurity component_name__c (
    label('Test Object 1-Test Object Lifecy-Active'),
    active(true),
    object('Object.test_object_1__c'),
    object_lifecycle('Objectlifecycle.test_object_lifecycle_lifecycle__c'),
    state('Objectlifecyclestate.active_state__c'),
    Fieldsecurity viewer__v.hide__v.field_security__c(
        label('Viewer-Hide'),
        active(true),
        role('Objectlifecyclerole.viewer__v'),
        type('hide__v'),
        fields('Field.created_by__v',
            'Field.created_date__v',
            'Field.modified_by__v',
            'Field.modified_date__v')
    )
);

RECREATE Atomicsecurity component_name (
    label('Test Object 1-Test Object Lifecy-Inactive'),
    active(true),
    object('Object.test_object_1__c'),
    object_lifecycle('Objectlifecycle.test_object_lifecycle_lifecycle__c'),
    state('Objectlifecyclestate.inactive_state__c'),
    Fieldsecurity viewer__v.hide__v.field_security__c(
        label('Viewer-Hide'),
        active(true),
        role('Objectlifecyclerole.viewer__v'),
        type('hide__v'),
        fields('Field.created_by__v',
            'Field.created_date__v',
            'Field.modified_by__v',
            'Field.modified_date__v')
    )
);

RECREATE Atomicsecurity component_name (
    label('Test Object 1-Test Object Lifecy-Test'),
    active(true),
    object('Object.test_object_1__c'),
    object_lifecycle('Objectlifecycle.test_object_lifecycle_lifecycle__c'),
    state('Objectlifecyclestate.test_state__c'),
    Fieldsecurity viewer__v.hide__v.field_security__c(
        label('Viewer-Hide'),
        active(true),
        role('Objectlifecyclerole.viewer__v'),
        type('hide__v'),
        fields('Field.created_by__v',
            'Field.created_date__v',
            'Field.modified_by__v',
            'Field.modified_date__v')
    )
);
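
The three commands differ only in label and state, which is what makes them a candidate for generation when many objects and lifecycle states are involved. The Python below is an added example, not part of the original page or Veeva's code: it builds the same commands from an inventory and refuses any retrieved name or label that could break out of the quoted MDL arguments. The function names, the inventory shape, the API-name pattern and the label rule are assumptions of this example; `component_name__c` is the page's own placeholder.

```python
import re

# Assumed API-name shape (not from the page); non-matching values are rejected.
API_NAME = re.compile(r"[a-z][a-z0-9_]*__(?:c|v|sys)")
# Assumed label rule: no single quote, backslash or control character.
LABEL = re.compile(r"[^'\\\x00-\x1f\x7f]+")
HIDDEN = ("created_by__v", "created_date__v", "modified_by__v", "modified_date__v")
TEMPLATE = """RECREATE Atomicsecurity component_name__c (
    label('{label}'),
    active(true),
    object('Object.{obj}'),
    object_lifecycle('Objectlifecycle.{lifecycle}'),
    state('Objectlifecyclestate.{state}'),
    Fieldsecurity viewer__v.hide__v.field_security__c(
        label('Viewer-Hide'),
        active(true),
        role('Objectlifecyclerole.viewer__v'),
        type('hide__v'),
        fields({fields})
    )
);"""

def checked(value, pattern, what):
    """Return value if it fully matches pattern; otherwise refuse to emit MDL."""
    if not pattern.fullmatch(value):
        raise ValueError(f"unsafe {what}: {value!r}")
    return value

def atomic_security_mdl(obj, lifecycle, state, label):
    """Build one command hiding the system fields from the Viewer role."""
    names = {"obj": obj, "lifecycle": lifecycle, "state": state}
    return TEMPLATE.format(
        label=checked(label, LABEL, "label"),
        fields=", ".join(f"'Field.{f}'" for f in HIDDEN),
        **{k: checked(v, API_NAME, "API name") for k, v in names.items()})

def build_script(inventory):
    """inventory: iterable of (object, lifecycle, [(state, label), ...])."""
    return "\n\n".join(atomic_security_mdl(o, lc, s, text)
                       for o, lc, states in inventory for s, text in states)

# Constructed inventory (names taken from the page's own commands).
SAMPLE = [("test_object_1__c", "test_object_lifecycle_lifecycle__c",
           [("active_state__c", "Test Object 1-Test Object Lifecy-Active"),
            ("inactive_state__c", "Test Object 1-Test Object Lifecy-Inactive")])]

if __name__ == "__main__":
    print(build_script(SAMPLE))
```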