Setting Object Level Security

In order to set the permissions for the profile we must also set the object level security. The profile can be assigned access permissions to any level in the Model panels (for example System, Core, Connector, Node or even I/O item in the I/O model) and the assigned permissions can then extend to any item below this object level. We can assign the object level security by simply dragging the profile from the Access Model to the chosen object level in one of the Model panels. In the below example the permissions are set on the Process Data Folder.

Setting Object Level Security
Figure 1. Setting Object Level Security

This brings up the Set Permissions dialog where the profile permissions (at that object level) are set. Choose which permissions you want to apply to the profile (hover the cursor over each one to get more information). The Inheritable permission ensures that all the children items beneath the ProcessData folder level will inherit the set permissions. Click Apply to set the permissions.

Set Permissions Dialog
Figure 2. Set Permissions Dialog

The ProcessData folder now has a lock symbol indicating that a security reference has been set on this object. Click the security tab in the Object Properties panel to see the permissions that were just set.

Security References Configured for Object in the I/O Model
Figure 3. Security References Configured for Object in the I/O Model

To check these permissions in action, log out of DataStudio (if you are currently logged on as the system owner 'so' profile). In the DataStudio login dialog, choose Profile Credentials, enter "Guest Users" as the User Name and then enter the Password you entered during setup. Click Ok to connect. Expand the I/O model including the ProcessData folder (or whatever object level you set the permissions on). You will notice that all objects in the path to the ProcessData folder are visible but the other objects in the tree (the Connector and the other folders) are not visible.

I/O Model View in Guest Users Profile
Figure 4. I/O Model View in Guest Users Profile

If you click on any of the objects higher in the tree the Object Properties panel will display that access is denied. Even though the objects are visible in the tree, they cannot be accessed as the object level security for the profile was set at the ProcessData folder level.

Object Access Denied
Figure 5. Object Access Denied