Contact tag-based security
There are permissions associated with tags and there are permission check expressions used to control access to screens.
Contact tag permissions
The base application permissions, listed in the table that follows, are special permissions that enable a user to create, edit, delete, and view contacts that have any tag. You can add permissions for creating, editing, deleting, and viewing specific tags, just as you can for contact subtypes.
The tag permissions provided in the base configurations are:
| Code | Permission Description |
|---|---|
anytagcreate |
Create a new contact regardless of which contact tag it requires. |
anytagedit |
Edit a contact that has any contact tag. |
anytagdelete |
Delete a contact that has any contact tag. |
anytagview |
See a contact that has any contact tag. |
Contact tag permission check expressions
Guidewire applications use a set of permission check expressions to control access to screens and widgets related to contacts. In ContactManager, to perform an action, users need permission for both the contact's subtype and the contact's tags.
For example, to edit a CompanyVendor contact, the user needs
permission to edit contacts of that subtype. If the contact has the Vendor tag, the
user also needs permission to edit contacts with the Vendor tag. If you have not
extended the tag permissions, the base configuration anytagedit
permission gives that user permission to edit vendor contacts.
See also
- For more information on contact tag permissions, see:
- You can associate permissions with tags in Guidewire Studio™. For information on adding new tag permissions, see: