* ''Whitelisting'' takes the opposite approach - a role, status or type is added to the ''Allow'' setting.
* This approach means that only contacts possessing a certain role will be able to see or edit the field, or will only be able to see or edit the field if it is on a record in that status or of that type.
* The ''whitelisting'' approach is generally preferable to ''blacklisting'' for:
:*''scalability purposes'' - if more roles are added to the system, you will not have to remember to decide whether or not they should have access denied on a set of fields
:*''security purposes'' - if a certain role is denied access to a certain field, all that is required to see the field would be that the role be removed from their profile, a privilege which in some cases users are granted.
* In line with the rest of the SmartSimple security model, a most-restrictive approach is applied, meaning that deny permissions always take precedence over allow permissions. No matter how many allow permissions are satisfied, access is restricted if any deny permissions are satisfied.
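
The following added example (not SmartSimple code or its API) models the Allow/Deny evaluation described above, so the difference between the two approaches can be checked when a role is added to the system or removed from a profile. The `FieldPolicy` class, the `can_view` function, the role and status names, and the rule that an empty Allow setting means "no restriction" are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FieldPolicy:
    """Allow/Deny settings for one field (hypothetical model)."""
    allow_roles: frozenset = frozenset()
    deny_roles: frozenset = frozenset()
    allow_statuses: frozenset = frozenset()
    deny_statuses: frozenset = frozenset()


def can_view(policy, user_roles, record_status):
    """Return True if a contact with user_roles may see the field."""
    roles = frozenset(user_roles)
    # Most-restrictive rule: any satisfied deny wins over every allow.
    if roles & policy.deny_roles or record_status in policy.deny_statuses:
        return False
    # Assumption: a non-empty Allow setting acts as a whitelist.
    if policy.allow_roles and not roles & policy.allow_roles:
        return False
    if policy.allow_statuses and record_status not in policy.allow_statuses:
        return False
    return True


# Constructed sample policies for the same sensitive field.
BLACKLIST = FieldPolicy(deny_roles=frozenset({"Applicant"}))
WHITELIST = FieldPolicy(allow_roles=frozenset({"Reviewer"}))
MIXED = FieldPolicy(allow_roles=frozenset({"Reviewer"}),
                    deny_roles=frozenset({"Applicant"}))


def compare():
    """Evaluate the cases the text discusses; 'Draft' is a constructed status."""
    return {
        # A role created after the policies were written.
        "new_role_blacklist": can_view(BLACKLIST, {"External Auditor"}, "Draft"),
        "new_role_whitelist": can_view(WHITELIST, {"External Auditor"}, "Draft"),
        # A contact whose denied role was removed from the profile.
        "role_removed_blacklist": can_view(BLACKLIST, set(), "Draft"),
        "role_removed_whitelist": can_view(WHITELIST, set(), "Draft"),
        # Contact holds both an allowed and a denied role.
        "deny_beats_allow": can_view(MIXED, {"Reviewer", "Applicant"}, "Draft"),
    }


if __name__ == "__main__":
    for case, visible in compare().items():
        print(f"{case}: {'visible' if visible else 'hidden'}")
```

Under the blacklist policy the field becomes visible both to the newly added role and to the contact whose denied role was removed, while the whitelist policy keeps it hidden in both cases.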