Back Forward How the system assembles and uses your RuleSet list

Concepts and terms

 zzz Show all 

When managing access control, it is important to understand how the system develops and uses a user's RuleSet list.

 zzzOverview

The RuleSet list of any requestor is an ordered list of RuleSets and optionally specific versions or initial portions of a version number for each RuleSet. Process Commander assembles the list during log in, from several sources. Thereafter, the rule resolution algorithm uses this list to determine which rules are visible and so available to be run for that requestor.

LinkTo see your current RuleSet list:

In the Profile display window, locate the list labeled RuleSets. If you have a personal RuleSet (named to match your Operator ID), it appears as the top entry on the list.

 zzzYour RuleSet list is assembled bottom-up

For authenticated users, the RuleSet list is assembled during log in, from partial lists contained in several sources. The order of RuleSets and version in the RuleSet list significant and is preserved as the system assembles the list.

The system adds RuleSets and Version entries it finds in these rule and data instances to the top of the list, so the entries near the bottom are those it found earliest. However, for each source of RuleSets for this list (such as an access group) contains more than one RuleSet to be added, the system adds starting at the bottom of that array.

This technique preserves the final order. For example, if the RuleSet named Mortgage appears directly above the RuleSet named AllLoans in the Definition tab of an application rule, then Mortgage is directly above AllLoans in the assembled RuleSet.

 zzzThe RuleSet list has file sub-lists in two layers

A completed RuleSet list contains up to five sub-lists of RuleSet versions, arranged in two layers. Order is significant at the layer, sub-list level, and within each sub-list:

 zzzFive data instances contribute to the RuleSet list

During log in, the system starts with an empty list and retrieves information from five data instances, in the order listed.

The first four of these five sources typically reference an application rule (Rule-Application rule type) that lists RuleSets and versions. That application rule may reference another application rule as prerequisites

If you update and save an application rule or access group, all the requestor sessions associated with these instances are immediately affected with an updated RuleSet list.

OldIn Version 4, changes to RuleSet lists in an application rule or access group were affect only for those users who logged in after the change.

 zzzEach access group and each application rule contributes

The three access groups referenced in the organization, division, and Operator ID contain two sources of RuleSet versions on the Layout tab that contribute to the list:

When processing an application rule, the approach is depth-first. That is, if the General tab contains a prerequisite application rule (in the Built on Application field), RuleSet version in the prerequisite application rule (or its prerequisites) are added first. Then the RuleSet version in the Application RuleSets area are added.

This processing may result in duplicate entries in the RuleSet list. For each set of duplicates, all matches are dropped except the highest one.

 zzzHow the system uses the RuleSet list

Each requestor's use of the system continually causes the system to search for a rule instance. This sophisticated search, known as rule resolution, uses properties from many sources to find the most appropriate rule for the current need, including class inheritance, security and access control restrictions, and the RuleSet list.

During rule resolution, the system:

Many other factors, including unavailable, final, or blocked rules, time-based rules, circumstances, and access control influence this process.

Definitions access group, application rule, available rule, circumstance, component RuleSet, override RuleSet, private RuleSet, profile, Rule Management facility, rule resolution, shared RuleSet
Related topics How the system finds rules through rule resolution

UpConcepts