The Templates folder in the Permissions folder tree pane contains the templates used by each ESM module. The templates are sorted into their respective module folders. Each template’s pane also lists the template’s classes and attributes. When you select a template or an attribute, its permissions are shown in the content area.

Template Permissions

You can create and modify a user role’s permissions for a template in two ways. One option is to select a template under the appropriate module folder in the Templates folder. Alternatively, select Templates in the main menu, select a template under the appropriate module folder, and click Permissions. Both actions open the permissions view. The view lists all the available user roles, as illustrated in Picture 68: Template permissions. You can freely grant and deny different roles permissions to the template.

You can filter the roles based on what permission they have. Select the relevant permission checkbox(es), and click Filter. The view lists the roles that have the selected permission or set of permissions.

You can also search the template permissions by either user or role. If you select Users from the drop-down menu and click Search, the search returns a list of users, displaying their permissions for the template.

Classes and attributes list the classes and attributes used in the template. You can click on an attribute to open its permissions view.

Under the Permission settings section of the platform settings (editable via Administration > Maintenance > Edit settings), you can specify default permissions to be granted to existing user roles after creation of a new attribute, template, or folder. By default, ESM grants all user groups (i.e., all roles) all permissions to the created object. If the option is set to none, no user group sees the new object. Since this applies also to the object’s creator, it is advisable to maintain the default setting.

Attribute Permissions

You can modify a user role’s permissions for attributes in three ways.

1. First way is to select an attribute under its class in the Templates folder tree panel.
2. Alternatively, select Templates in the main menu, then the correct module and after this find the appropriate template and click on it, and then click on the correct attribute on the result view and then Permission in the display menu.
3. Best way to modify permissions is from the Permissions main menu. When setting them from this menu, you can access the Permissions page directly. Click plus on Templates, Module, Template, Class and Attribute.

The Permissions view lists all the available user roles. You can freely grant and deny different roles permissions for that attribute.

You can use the Roles/Users filter function as described in the picture below.

Attribute permissions (CRU) work the following way:

(R) Read permission

• The user has permission to see the value(s) and the attribute.

(C) Create permission

• The user has permission to add value to an empty field but not to change an existing value in the field. Functionality is the same with multi value and single value fields.
• In back references the user can set the value only if there is no value in the field, so no references are linked to the data card, which are specified in the attribute settings.
• User will have automatically read permission when create permission is added.

(U) Update permission

• The user has permission to update the value in the field and clear the field values.
• Update means that the user updates the value in the field and/or removes or adds the value(s) to the field.
• In back references the user is able to update the value in the field.
• User will have automatically read and create permission when update permission is added.

Once you add an attribute to a new class, each role has full rights to read and update that attribute by default.

To work as intended some attribute handlers require that roles have either read or update permission. If an attribute has such a handler, user cannot select the create-permission manually. It will be updated automatically according to read and update permission.

The overrideUpdatePermission metadata is used to allow user to store the value of attribute without update permission, but not modify it on ESM GUI (web browser). For more information, refer to Attribute handler guide, which can be found from the Edit metadata view.