Defining Environment Attributes

Environment attributes grant a user certain access rights to an Item based on specific circumstances such as the geographical location or the time an access request is made. For example, if the user makes the request outside of work hours, the request is denied. If the same user makes the same request during work hours, their request is accepted.

To create Environment Attributes in Aras Innovator:

1. Click Administration --> Access Control --> Environment Attributes in the TOC. The menu shown in figure 16 appears.

Figure 16.

2. Click Create New Environment Attribute. A blank Environment Attribute dialog appears.

Figure 17.

3. Enter the appropriate information in the Name, Description, Type, and Get Value Method fields.

Figure 18.

4. Click to save and unclaim the attribute.

Each attribute has a unique Name, Type, and custom method (specified in the “Get Value Method” property) that is called by Aras Innovator to get the attribute value for each request to Aras Innovator. The supported data types for Environment Attributes are Boolean, String, and Integer. The environment attribute values are considered when calculating MAC Policy conditions for determining if an access request should be granted if the conditions use the environment security attribute. An environment security attribute with the name <attr_name> is referenced in a MAC Condition as ‘$<attr_name>’.

See Section Sample Environment Attribute Method for an example of a method that can be specified in the Get Value Method field.