ClaimCenter contact and tag permission check expressions
In a page configuration file (PCF), you can control permissions on specific widgets with Gosu expressions that determine if a user has permission to perform an operation.
For example, the setting for the ClaimCenter AddressBookContactDetail page’s canVisit attribute is perm.Contact.viewab(externalContact.Contact). This setting limits users of this page to viewing only contact types for which they have subtype permissions and tag permissions to view the contact. Additionally, the canEdit attribute setting is externalContact.Source.supportsUpdate() and perm.Contact.editab(externalContact.Contact). This setting limits a user of this page to editing only contacts that support updates and for which the user has subtype permissions and tag permissions to edit the contact.
AddressBookContactDetail.pcf
(configuration\config\web\pcf\addressbook) in the list of objects that
the system finds.ClaimCenter does not use tag permission checks to control access to screens or buttons. However, when a user tries to save a new contact to ContactManager, ClaimCenter applies the createab permission check expression. This permission check ensures that the user has permission to create the tag as well as the contact. If the user does not have this permission, ContactManager creates a pending contact that requires approval in ContactManager to become permanent.
Some Gosu permission check expressions require an input parameter, and some do not. The following table lists the ClaimCenter contact and tag permission check expressions:
| ClaimCenter Expression | Description |
|---|---|
perm.Contact.createab |
Takes an input parameter that is either a Contact type or subtype or a ContactTagType typecode specified as an enumeration constant. Depending on the parameter, verifies that the user has the permission to create either a contact with the specified tag or a contact of the specified type. |
perm.Contact.createpreferredab |
Does not take an input parameter. Verifies that the user has permission to create the preferred contact. |
perm.Contact.deleteab |
Takes a Contact instance as an input parameter. Determines the subtype and contact tag or tags from the instance, and then verifies that the user has the contact and tag permissions to delete the contact. |
perm.Contact.deletepreferredab |
Does not take an input parameter. Verifies that the user has permission to delete the preferred contact. |
perm.Contact.editab |
Takes a Contact instance as an input parameter. Determines the subtype and contact tag or tags from the instance, and then verifies that the user has the contact and tag permissions to edit the contact. |
perm.Contact.editpreferredab |
Does not take an input parameter. Verifies that the user has permission to edit the preferred contact. |
perm.Contact.viewab |
Takes a Contact instance as an input parameter. Determines the subtype and contact tag or tags from the instance, and then verifies that the user has the contact and tag permissions to view the contact. |
perm.Contact.viewsearchab |
Does not take an input parameter. Verifies that the user has permission to edit the preferred contact in the address book. |
perm.Contact.createlocal |
Does not take an input parameter. Verifies that the user has permission to create the local contact. |
perm.Contact.editlocal |
Requires a Contact instance as an input parameter. Verifies that the user has permission to edit either an existing local contact or a user contact. To edit a user contact, the user needs edit user permission. |
perm.Contact.viewlocal |
Does not take an input parameter. Verifies that the user has permission to view and search local contact entries. |