Security, Logs & Backups in CFOs

CFO allows to specify Security access, Logs and Backups for the info. Inside the security property you can define access properties (user_privileges, user_organizations, user_spacenames) and behaviour properties (allow_{display, update, copy, insert, delete}).If any of the access properties returns true (OR relation) the user will have access. Also inside the security property you can add Logs of access and Backups for updates and for deletes.

CFO Security example

"security": {
  "cfo_locked":true,
  "user_privileges": ["financial-admin","accounting-admin"],
  "user_organizations": ["cloudframework"],
  "user_groups": ["groups"],
  "user_spacenames": ["cloudframework"],
  "allow_delete": {
    "user_privileges": ["financial-admin"],
    "field_values": {
      "FinancialInvoice_Blocked": ["equals",""],
      "FinancialInvoice_FinancialInvoicesState_Id": ["not_equals",2]
    }
  },
  "allow_copy": {"user_privileges": ["financial-admin"]},
	"allow_display": {"user_privileges": ["financial-admin"]},
  "allow_update": {"user_privileges": ["financial-admin"],
    "field_values": {
      "FinancialInvoice_Blocked": ["equals",""]
    }},
  "allow_insert": {"user_privileges": ["financial-admin"]}
	**"logs":{"list":true,"display":true,"update":true,"delete":true},
	"backups":{"update":true,"delete":true}**
}

Replication Process

"cfo_locked": if true then the CFO can not be personalised by the Developers. Only the owner of the CFO can make modifications.

Access properties

"user_privileges": only users with any of the privileges of the array can access to the CFO. Special value: superadmin means that only superadmin users.
"user_organizations": only users included in any of the organizations of the array can access to the CFO.
"user_groups": only users included in any of the groups of the array can access to the CFO.
"user_spacenames": only users included in any of the spacenames of the array can access to the CFO.

Behaviour properties

"allow_delete", "allow_copy", "allow_update", "allow_display", "allow_insert": specifies who can delete, copy,update or/and delete any entity or record of the CFO. Those security properties are objects that includes access properties and field based values.
- "user_privileges","user_spacenames","user_spacenames": users who satisfy any of access property will be allowed to execute the behaviour.
- "field_values": the behaviour will be activated if the fields defined in the property have the conditions defined inside. This property are objects with the following structure:
  - "field":[condition,value]
    - condition: can be "equals", "not_equals", "in", "not_int"
    - value: can be string, number or array in the case of condition is in or not_in

Logs ♾️

logs: allows to insert in the system log the access to the CFO for different behaviours:
- "list": if true it will log any access to the list of the CFO
- "display": if true it will log any CFO record/entity display
- "update": if true it will log any CFO record/entity update or insert
- "delete": if true it will log any CFO record/entity deletion

The logs are accesible in your ERP platform under the URL: /app2020#<https://cloudfw.web.app/ajax/cfo.html?api=/cfi/CloudFrameWorkLogs&undefined>. More info in:

[CFS:Logs] this→core→cfiLog→add

Backups

Backups allow to make a backup of a CFO model for different behaviours: