Edit and Access Rights for Objects and Properties

Use AclObjectType to control the access to certain types of business objects and business object attributes.

Required Editions

Available in: Lightning Experience in Performance, Unlimited, and Enterprise Editions that have Consumer Goods Cloud enabled.

Here are the types of business objects and attributes that you can control access to and the kind of AclObjectType to use for them:

Business objects such as BO, LU, LO, and LI: AclObjectType.OBJECT
Business object attributes such as simple property, lookup object, nested object, and list object: AclObjectType.PROPERTY

A Modeler user is granted all permissions, by using aclPermission.ALL, to interact with objects and their simple properties.

The table lists the JavaScript methods available to change the edit and access rights via a business logic contract.

JavaScript Method	Sample Code
setAce (outdated)	`acl.setAce({AclObjectType.PROPERTY, sColumnName,AclPermission.VISIBLE, bVisible})`
addRight (best practice)	`acl.addRight(AclObjectType.PROPERTY, sColumnName,AclPermission.VISIBLE)`
removeRight (best practice)	`acl.removeRight(AclObjectType.PROPERTY, sColumnName,AclPermission.VISIBLE)`

Do not use the setAce method, which is outdated. There can be some cases where setAce is used in a core contract as addRight and removeRight were added later. The addRight and removeRight methods are up to date and recommended for use.

The syntax for these methods is:

/*

* AclObjectType.PROPERTY : "objectType"

* sColumnName : "objectName"

* AclPermission.VISIBLE : "rights"

* bVisible : "grant"

*/

Sample Code for BoCustomer.SetEARights

if (hasOrdererRole === false) {
              var aclBoOrderRole = me.getBoOrderRole().getACL();
      
              aclBoOrderRole.removeRight(AclObjectType.PROPERTY, "ordererType", AclPermission.VISIBLE);
              aclBoOrderRole.removeRight(AclObjectType.PROPERTY, "sdoMetaBlocked", AclPermission.VISIBLE);
          }
          if (hasCustomerRole === false) {
              var aclBoCustomerRole = me.getBoCustomerRole().getACL();
      
              aclBoCustomerRole.removeRight(AclObjectType.PROPERTY, "customerNumber", AclPermission.VISIBLE);
              aclBoCustomerRole.removeRight(AclObjectType.PROPERTY, "priceType", AclPermission.VISIBLE);
              aclBoCustomerRole.removeRight(AclObjectType.PROPERTY, "priceListType", AclPermission.VISIBLE);
          }
          if (hasPayerRole === false) {
              var aclBoPayerRole = me.getBoPayerRole().getACL();
      
              aclBoPayerRole.removeRight(AclObjectType.PROPERTY, "overallCreditLimit", AclPermission.VISIBLE);
              aclBoPayerRole.removeRight(AclObjectType.PROPERTY, "creditRating", AclPermission.VISIBLE);
              aclBoPayerRole.removeRight(AclObjectType.PROPERTY, "creditBlock", AclPermission.VISIBLE);
          }

Sample Code for LoOrderItems.GetEAReadOnly

if (Utils.isDefined(itemMeta[0])) {
         if ((itemMeta[0].getConsiderDeliveryState() == "1") && (orderItem.getDeliveryState()=="NotAvailable")) {
            acl.removeRight(AclObjectType.OBJECT, "LiOrderItem", AclPermission.EDIT);     
         }
     }
      
    // Set items that are invalidated by merge engine to editable = false
    if (orderItem.getMergeEngine_invalidated() == "1") {
         acl.removeRight(AclObjectType.OBJECT, "LiOrderItem", AclPermission.EDIT);     
     }

Did this article solve your issue?

Let us know so we can improve!

Edit and Access Rights for Objects and Properties

Required Editions

Sample Code for BoCustomer.SetEARights

Sample Code for LoOrderItems.GetEAReadOnly

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List

Product Area

Feature Impact

Edition

Experience

Edit and Access Rights for Objects and Properties

Required Editions

Sample Code for BoCustomer.SetEARights

Sample Code for LoOrderItems.GetEAReadOnly