Define cross-scope access to an application resource

Admin users can track cross-scope requests for access to an application resource, and approve or deny requests.

Before you begin

Role required: admin or application admin

If application administration is enabled, only application administrators of the target application can set access to an application resource. If application administration is not enabled, an admin user can set access to an application resource.

Procedure

  1. To define access to an application resource, navigate to the application resource record. Available application resources include:
    • Table
    • Script Include
  2. Set the Accessible from field to All application scopes.
    If set to This application scope only, no other application scopes can access the resource.
  3. Select the appropriate access level in the Caller Access field.
    OptionDescription
    None Cross-scope calls to the resource are approved or denied based on the value of the Accessible from field.
    Caller Restriction Calls to the resource must be manually approved. Access requests are tracked in the Restricted Caller Access table with a status of Requested.
    Caller Tracking Calls to the resource are automatically approved. Calls are tracked in the Restricted Caller Access table with a status of Allowed.
  4. Allow or deny an access request from a calling application.
    If a cross-scope application attempts to access a resource set to Caller Restriction, a record is created in the Restricted Caller Access table with a Requested status. An admin user or application administrator must allow or deny the request.

    If a calling resource changes, the restricted caller access record status changes to Invalidated. An admin user or application administrator must update the status to Allowed or Denied.

    1. In the application record, navigate to the Restricted Caller Access Privileges tab.
    2. In the Status column, set the value from Requested to Allowed or Denied.
    Once a calling script is allowed, all subsequent calls are allowed.