HP System Dictionary/XL General Reference Manual Vol 1 (32256-90004)
5- 53
because it has just read capability.
To allow Scope2 and Scope3 access to File1 and Record1, Scope1 associates these entities to those scopes.
Both Scope2 and Scope3 are given read ScopeAccess to Record1, Scope2 is given modify ScopeAccess to
File1, and Scope3 is given read ScopeAccess to File1.
The table below lists each of the entities the scopes have access to after these changes were made. Note
the addition of File 1 and Record 1 to Scope2 and Scope3.
To create a relationship between File1 and Record1, the scope must be either the DA scope, Scope1, or a
scope with create capability and at least read access to File1 and Record1 which includes Scope2 but not
Scope3. Again, Scope3 is only able to read from the dictionary because it has just read capability. If
Scope2 creates a relationship between File1 and Record1 then Scope2 becomes the owner of that
relationship. Only Scope2 or the DA scope can delete that relationship. Only Scope2, the DA scope or a
scope with modify access to that relationship can modify that relationship.
Table 6: Security Example
SCOPE ENTITIES ACCESS CAPABILITY
Scope1 (create, read) File1
Record1
Element1
Element2
modify, delete, read
modify, delete, read
modify, delete, read
read
Scope2 (create, read) Element1
Element2
Element3
modify, read
modify, delete, read
modify, delete, read
Scope3 (read) Element1
Element2
read
read
Table 7: Security Example After Modifying Scopes
SCOPE ENTITIES ACCESS CAPABILITY
Scope1 File1
Record1
Element1
Element2
modify, delete, read
modify, delete, read
modify, delete, read
read
Scope2 Element1
Element2
Element3
File1
Record1
modify, read
modify, delete, read
modify, delete, read
modify, read
read
Scope3 Element1
Element2
File1
Record1
read
read
read
read