To develop with security trees, you must understand the Vault objects involved in configuration.

The following is an example of a Security Tree object retrieved through MDL:

Object security_tree__c (
   label('Security Tree'),
   object_class('securitytree'),
   user_tree_assignment_object_name('user_assignment'),
   single_user_tree_assignment(true),
   user_reference_assignment()
);

  • label: The Admin-facing UI label of this security tree.
  • object_class: The object class of this security tree, which will always be securitytree for security tree objects. Only security tree objects can be of class securitytree. Learn more about object classes in Vault Help.
  • user_tree_assignment_object_name: The name of this security tree’s User Tree Assignment object, without the _c__sys namespace. For example, the full name of this object in the example MDL above is user_assignment_c__sys. This object allows you to assign a user to a node in a security tree with an assigned Application Role. This attribute can only be set on create. Learn more about the User Tree Assignment Object.
  • single_user_tree_assignment: A Boolean value indicating if this security tree is configured to Restrict Users to a Single Node Assignment. If omitted on create, defaults to false and users are not restricted to a single node assignment. Learn more about single node assignment in Vault Help.
  • user_reference_assignment: The user reference field associated with this object. This field allows the object to automatically assign records to a security tree based on an existing static user assignment. For example, when you create a record on a secured object, setting this attribute automatically assigns the object record to the selected user's node. Learn more about User Reference Assignment in Vault Help.

The following is an example of a custom object secured by a security tree retrieved through MDL:

Object my_custom_object__c (
   label('My Custom Secured Object'),
   security_tree_object('Object.security_tree__c'),
   tree_assignment_object_name('user_tree_assignment')
);

  • security_tree_object: If this object is secured with a security tree, this attribute is the name of the Security Tree object which is securing this object. If blank, this object is not secured by a security tree.
  • tree_assignment_object_name: If this object is secured with a security tree, this attribute is the name of the Tree Assignment object which is securing this object. A Tree Assignment object is an object of class securedrecordtreeassignment. If blank, this object is not secured by a security tree. Learn more about Secured Record Tree Assignment in Vault Help.
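
The attributes above are enough to review an MDL export for objects that are not secured by a security tree. The following is an added example, not Vault or Veeva code: it parses MDL shaped like the two examples on this page and classifies each object. The object plain_object__c, the status labels, and the assumption that every referenced security tree appears in the same MDL text are illustrative.

```python
import re

# Constructed sample: the two MDL examples above plus a hypothetical third
# object (plain_object__c) that carries no security tree attributes.
SAMPLE_MDL = """
Object security_tree__c ( label('Security Tree'), object_class('securitytree'),
  user_tree_assignment_object_name('user_assignment'),
  single_user_tree_assignment(true), user_reference_assignment() );
Object my_custom_object__c ( label('My Custom Secured Object'),
  security_tree_object('Object.security_tree__c'),
  tree_assignment_object_name('user_tree_assignment') );
Object plain_object__c ( label('Plain Object') );
"""

OBJECT_RE = re.compile(r"Object\s+(\w+)\s*\((.*?)\)\s*;", re.DOTALL)
# attribute(value): value is a quoted string, a bare token such as true, or empty
ATTR_RE = re.compile(r"(\w+)\(\s*(?:'((?:[^'\\]|\\.)*)'|([^()']*?))\s*\)")


def parse_objects(mdl):
    """Return {object_name: {attribute: value}}; an empty () becomes ''."""
    objects = {}
    for name, body in OBJECT_RE.findall(mdl):
        objects[name] = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                         for m in ATTR_RE.finditer(body)}
    return objects


def audit(mdl):
    """Classify every object in the MDL text; returns {object_name: status}."""
    objects = parse_objects(mdl)
    trees = {n for n, a in objects.items() if a.get("object_class") == "securitytree"}
    report = {}
    for name, attrs in objects.items():
        if name in trees:
            # An omitted single_user_tree_assignment defaults to false.
            single = attrs.get("single_user_tree_assignment", "false") == "true"
            report[name] = "tree:single-node" if single else "tree:multi-node"
            continue
        tree = attrs.get("security_tree_object", "").split(".", 1)[-1]
        if not tree or not attrs.get("tree_assignment_object_name"):
            report[name] = "unsecured"  # either attribute blank: not secured
        elif tree in trees:
            report[name] = "secured:" + tree
        else:
            report[name] = "unresolved-tree"  # tree not defined in this MDL text
    return report
```

An unresolved-tree result only means the referenced security tree was not in the text that was parsed, so confirm it against the full configuration before treating it as a misconfiguration.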