Restriction

Define restrictions with a restriction declaration.

All values are optional.

restriction example:restriction:sensitive-attributes
    title: Sensitive Attributes
    restrict-type std:type:person
    restrict-if-label example:label:sensitive-information
    label-unrestricted example:label:can-view-sensitive-information
    attribute-restricted example:attribute:record-identifier
    attribute-read-only example:attribute:notes

title

Name of the restriction, for display in System Management.

restrict-type

Zero or more types to which this Restriction applies. If none specified, this Restriction applies to all types.

Restrictions are always applied to root types, even if you specify a sub-type.

restrict-if-label

Zero or more labels which define which objects this Restriction applies. If any labels are specified, an object must have at least one of those labels for the Restriction to apply.

label-unrestricted

Zero or more labels which ‘lift’ the restriction for a subset of users.

If a user ‘has’ these labels, specified with the hUserAttributeRestrictionLabels or hObjectAttributeRestrictionLabelsForUser hooks, then the restriction does not apply.

attribute-restricted

Attributes which should be restricted, and not shown to any users except when explicitly permitted.

attribute-read-only

Attributes which should be read only, unless the user is explicitly permitted to edit them.