Question

What is Path to User and Path to Owner and why do we use it and what is diff between them ? Can anyone please explain me this in their own words in detail please?

0

\Hi Experts, I was going through the learning path for configuring advanced security. I came across 2 terms which are path to user and path to expert. Can any one please explain to me what is Path to User and Path to Owner(screenshot attached below) and why we use it and what is the diff between them? Please find the screenshot of document i am going through

asked 2023-01-23

Harsh Bhanushali

4 answers

Mike Kumpf · Answer 1 · 2023-01-23

These are used when creating access rules on an entity.

Path to owner is used when you want to create an access rule that is specific to the user who created an object.

Path to user is used when you want to create an access rule for a user that is associated to an entity in some way. For instance, if you want the manager of a department to have different access rules than other users, you could use Path to User to create an access rule that identifies managers via one or more associations.

Mohamedbeemubeen N · Answer 2 · 2023-05-31

Owner

The Owner button adds an XPath constraint so the access rule is only applied if the object owner is the current user.

[System.owner='[%CurrentUser%]']

This constraint is only valid when the Store ‘owner’ checkbox in the System members section of the entity properties is checked.

Path to User

The Path to user… button adds an XPath constraint so the access rule is only applied when the User object which is associated (directly or indirectly) is the current user. When you click Path to user…, you can select a path to an associated entity that is either a System.User or a specialization of System.User. This is then converted into an XPath constraint for the access rule.

[Module.Order_Customer = '[%CurrentUser%]']

As an example:

Assume that the Customer entity is a specialization of the User entity. The Order entity is associated with the Customer entity via the Order_Customer association.
Assume that a logged-in customer is only allowed to view their orders, but is not allowed to view the orders of other customers. The XPath constraint can be constructed easily using the Path to user… button by selecting the Customer entity in the Order entity access rule.

Because of this XPath constraint, access defined in the Access rights tab is only applied to orders for which the customer is the current user.

Bart Zantingh · Answer 3 · 2023-01-24

The owner of (an instance of) an object is the user that has created that instance. The ‘path to owner’ is therefore the path that leads to the specific user that created that object.

The ‘path to user’ leads to a specific user or group of users (e.g. users with a specific user role) that may or may not be associated with that particular (instance of the) object. It basically says 'this user or group of users has access to this object and can do stuff with it.

An object can have multiple users authorized to access it, but always has only one owner.

Okan Gunes · Answer 4 · 2024-04-22

"Path to User" and "Path to Owner" are two different types of security restrictions that can be applied to entities to control access to data based on user roles and ownership.

Path to User: This restriction allows you to specify a microflow or XPath expression that determines whether a user has access to an entity instance based on their role or some other criteria related to the user. It typically checks whether the current user has certain permissions or meets specific conditions defined in the microflow or XPath expression. For example, you might use a Path to User restriction to restrict access to certain employee records based on the department the user belongs to. However, in this case your entity directly or indirectly should have a connection to the Administratin.Account Entity to reach CurrentUser in the Xpath constrain.
Path to Owner: This restriction allows you to specify a microflow or XPath expression that determines whether a user has access to an entity instance based on ownership. It checks whether the current user is the owner of the entity instance or has some relationship to the owner. For example, you might use a Path to Owner restriction to ensure that users can only view or modify their own profile information or data that they own. The important thing here is that the user should be the creater/owner of the entity instance. I forgot to say that you have to check the owner system member in the entity properties..

In summary, while both "Path to User" and "Path to Owner" restrictions control access to data in entities, they do so based on different criteria. "Path to User" focuses on user roles and permissions, while "Path to Owner" focuses on ownership relationships between users and entity instances. Depending on your application's requirements, you may use one or both types of restrictions to enforce data access controls effectively.