From Dataloy API v3.15.0 through the DataControl object it is possible to control data access for a target user(s) for a given object connected to the target by checking if the user(s) belongs to a given role. For example, if we want to limit access for the captain of a vessel to voyages consisting only of their vessels, a DataControl object like this has to be posted:
{
"matcherTarget": "User",
"matcherAttributeTarget": "key",
"objectName": "Voyage",
"attribute": "voyageHeader.vesselCodes.masterUser",
"dataControlRoleValues":[
{"role": "MASTER_ONLINE_VESSEL"}
]
}
- matcherTarget defines the Dataloy object that has to be used as target object
- matcherAttributeTarget defines the attribute in the matcherTarget object that has to be used against the attribute of the object (objectName)
- objectName the Dataloy object that has to be applied the access control
- attribute the attribute name that links the Dataloy object with the target object
- dataControlRoleValues list of SecurityRole that the DataControl will be applied
In the above example if an User that belong to the SecurityRole "MATER_ONLINE_VESSEL" make a query to the endpoint Voyage, the server will return only the voyages that has voyageHeader.vesselCodes.masterUser = {the user that made the query}