Encompass controls access to individual loans using both implicitly and explicitly assigned access rights. Implicit access rights are those determined based on the user’s assignment as a loan team member, a user’s persona, or a user’s place within the organization hierarchy. These rights are automatically granted and cannot be revoked. For example, an administrator at the top level of the
organization hierarchy will have full access to every loan in the system, regardless of their explicitly assigned rights.
Assigned rights are those granted to a user for a specific loan and which can later be revoked. There are three levels of assigned rights for a loan: no access, read/write access and full access. No access, which is the default, means that the user has no additional rights to the loan beyond those granted by their implicit rights. Granting a user read/write access to a loan allows that person to open the loan, make modifications and save it. A user with full access can both modify a loan and can grant access rights to or revoke access rights from other users.
When assigned rights and implicit rights are combined, the result is a user’s effective rights. A user’s effective rights to a loan are the greater of their implicit rights and their assigned rights. Thus, assigned rights can be used to grant loan access to a user who would otherwise not be permitted to access the loan, but cannot be used to prevent access to a user with implicit rights to the loan. Note that it is possible for a user to have read-only rights to a loan, but this access level can only be obtained through implicit rights, such as a supervisor who has been granted read-only access to his subordinate’s loans in the user setup screen.
The API includes functions for determining a user’s assigned and effective rights for a particular loan as well as the ability to modify a user’s assigned rights. These functions require that the logged-in user have Full (effective) rights to a loan in order to access or modify a user’s assigned rights. The following code demonstrates granting a user Full access rights to a loan.
User user = session.Users.GetUser(“jsmith”);
Loan loan = session.Loans.Open(“{AA6C8474-05D8-3D32-
BC9A- 36C1D2C6DB33}”);
if (loan.GetEffectiveAccessRights(user) < LoanAccess-
Rights.Full)
loan.AssignRights(user, LoanAccessRights.Full);
Unlike changes to a loan’s Fields collection, changes to a loan’s access rights occur immediately without requiring a call to the Commit method. Additionally, you cannot assign
rights to a loan until it has been committed for the first time. The API also provides a function for retrieving a list of all users who have assigned rights for the loan. The following
example demonstrates how to display all users who have assigned rights, along with their assigned and effective rights.
foreach (User user in loan.GetUsersWithAssignedRights())
Console.WriteLine(“User ‘” + user + “‘ has assigned rights ‘” +
loan.GetAssignedAccessRights(user)
+ “‘ and effective rights ‘”
+ loan.GetEffectiveAccessRights(user) + “‘”);
The Loan object provides one rights-related additional method which any user can invoke: GetAccessRights(). This method returns the current user’s effective rights to the
current loan. This information can be used to determine whether operations such as assigning rights to another user will succeed or cause an error.
