Using role lookup keys
Tutorial
Setting up role lookup keys.
Background
A lookup key is simply a key-value pair that can be used for record-level access control settings for a role.
Example - Use lookup keys for record-level access control
Say we have a field in an Account table called 'amount'. We want to ensure that users for a particular role, call it the 'Sales' role, can only create, read, update, and delete records with amount between 10000 and 20000 (i.e. records where 'amount' >= 10000 and 'amount' < 20000). We'd rather not hardcode the values in the filter. Instead, we'll use lookup keys to map to human-readable values that we can easily change if business rules change.
1. Log into the DreamFactory admin console as an Admin.
2. Click on 'Roles' > 'Create'.
3. In the 'Lookup Keys' tab, click the plus button icon twice to create two lookup keys. Create the first lookup key with Name 'min' and Value '10000' and the second lookup key with Name 'max' and Value '20000'.
4. In the 'Access' tab, select your API for 'Service', the table name for 'Component' (here the Account table), HTTP verbs for 'Access' (here GET, POST, PUT, PATCH, DELETE), and API for 'Requestor'.
5. Click on Show/Hide under 'Advanced Filters', then click on the plus button icon to create two server-side filters. Create the first filter with Field 'amount' (this is a field in your Account table), Operator '>=', and Value '{min}' (this is the name of the lookup key 'min'; make sure to put curly brackets around the lookup key name). Create the second filter with Field 'amount', Operator '<', and Value '{max}'.
This ensures that any user with the 'Sales' role 1) must first authenticate to access the Account table, and 2) can only create, read, update, and delete records in the Account table where the value of the 'amount' field is between the lookup key values for 'min' and 'max', in this example 10000 and 20000, respectively. Note that you can add as many lookup keys and filter rules as you need.
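The substitution and filtering described above can be modelled in a few lines. This is an added illustration, not DreamFactory's own code: the function names, the sample records, the AND combination of the two filters and the deny-on-unresolved-key behaviour are assumptions of the model.

```python
import operator
import re

# Constructed sample data mirroring the tutorial: role lookup keys and filters.
LOOKUP_KEYS = {"min": "10000", "max": "20000"}
FILTERS = [("amount", ">=", "{min}"), ("amount", "<", "{max}")]

OPS = {">=": operator.ge, "<": operator.lt, ">": operator.gt,
       "<=": operator.le, "=": operator.eq}
PLACEHOLDER = re.compile(r"^\{(\w+)\}$")


def resolve(value, lookup_keys):
    """Replace a '{name}' filter value with the role's lookup key value."""
    match = PLACEHOLDER.match(value)
    if not match:
        return value  # literal value, no lookup needed
    name = match.group(1)
    if name not in lookup_keys:
        # Assumption of this model: an unresolved key denies access.
        raise KeyError(f"lookup key '{name}' is not defined for this role")
    return lookup_keys[name]


def record_allowed(record, filters, lookup_keys):
    """True only if the record satisfies every filter (filters are ANDed)."""
    try:
        for field, op, value in filters:
            bound = float(resolve(value, lookup_keys))
            if not OPS[op](float(record[field]), bound):
                return False
    except (KeyError, ValueError, TypeError):
        return False  # missing field, unknown key or non-numeric value
    return True


def visible(records, filters, lookup_keys):
    """Return the subset of records the role may act on."""
    return [r for r in records if record_allowed(r, filters, lookup_keys)]


if __name__ == "__main__":
    accounts = [{"id": 1, "amount": 9999}, {"id": 2, "amount": 10000},
                {"id": 3, "amount": 19999}, {"id": 4, "amount": 20000}]
    print([r["id"] for r in visible(accounts, FILTERS, LOOKUP_KEYS)])
    # Raising 'max' changes enforcement without editing the filters.
    print([r["id"] for r in visible(accounts, FILTERS, {"min": "10000", "max": "25000"})])
```

The boundary records show the half-open range: an amount of exactly 10000 is allowed, while exactly 20000 is not.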