From Dataloy API v3.15.0 through the DataControl object it is is possible to control data access for a target user(s) for a given object connected to the target by checking if the user(s) belongs to a given role.
For example, if we want to limit access for the captain of a vessel to only be able to view voyages consisting only of their vesselsvessel, a DataControl object like this has to be posted:
| Code Block |
|---|
{
"matcherTarget": "User",
"matcherAttributeTarget": "key",
"objectName": "Voyage",
"attribute": "voyageHeader.vesselCodes.masterUser",
"dataControlRoleValues":[
{"role": "MASTER_ONLINE_VESSEL"}
]
} |
matcherTarget defines the Dataloy object that has to be used as target object
matcherAttributeTarget defines the attribute in the matcherTarget object that has to be used against the attribute of the object (objectName)
objectName the Dataloy object that has to be applied the access control
attribute the attribute name that links the Dataloy object with the target object
dataControlRoleValues list of SecurityRole that the DataControl will be applied
In the above example if an User that belong to the SecurityRole "MATER_ONLINE_VESSEL" make a query to the endpoint Voyage, the server will return only the voyages that has voyageHeader.vesselCodes.masterUser = {the user that made the query}