AD Permissions Reporter – Permissions

The Permissions sections of the Basic and Advanced filters provide the ability to specify the permissions that should be included in the search. While the basic permission options are the same for both the Basic and Advanced filters, the Inherited Object option in the Advanced Filter has the extra option to perform a Not query against the inheriting object.

Basic Filter - Permissions
Advanced Filter - Permissions

For details on the Matching Rule option, see Matching Rules.

The checkboxes select which permissions will be included in the search; the Matching Rules define which ACEs will match the selected permissions.

The Read/Write Property, Create/Delete Child, Validated Rights, and Extended Rights options each have a dropdown list to select whether the permission is assigned to a specific Property, Object or Right.

The functionality of the dropdown list is the same for all four options, and is used to limit or define which types of permissions are matched. The following search logic is used:

  • If no item is selected, all ACEs that match the permission are included, with or without a specific item specified, e.g. Read Manager, Write All Properties
  • If the -None- item is selected, only ACEs that are set to all are included, e.g. All Validated Rights, or All Extended Rights
  • If an item is selected, only the permissions that are specifically assigned to that item are included, e.g. Create Group Objects, Delete User Objects

Inherited Object is used to define whether the search should return an ACE with permissions that will be inherited by a specified object. The dropdown list contains the same blank and -None- entries, plus a list of the objects, and uses the same logic as the other dropdown lists.

In the Advanced Filter there is an extra Matching Rule, which provides a number of extra search options. With Not selected, the following logic is available:

  • If -None- and Not are selected - Then all ACEs that have an inherited object set will be returned
  • If Blank and Not are selected - Then all ACEs with or without an inherited object set will be returned
  • If an item and Not are selected - Then all ACEs that have an inherited object that is not the item will be returned.
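
The dropdown and Not logic above can be modelled over a small set of ACEs to check what a given filter will return. This is an added example, not code from AD Permissions Reporter: the `Ace` fields, `dropdown_match`, `search` and the sample ACEs are hypothetical names and constructed data, items are shown by display name instead of GUID, and the Matching Rule on the permission itself is simplified to an exact match.

```python
from dataclasses import dataclass
from typing import Optional

ANY = ""          # the blank dropdown entry
NONE = "-None-"   # the -None- dropdown entry

@dataclass(frozen=True)
class Ace:
    trustee: str
    right: str                       # e.g. "CreateChild", "WriteProperty"
    object_type: Optional[str]       # specific Property/Object/Right; None = all
    inherited_object: Optional[str]  # object that inherits the ACE; None = not set

def dropdown_match(value, selection, negate=False):
    """Apply the dropdown logic described above to one ACE field."""
    if selection == ANY:
        return True                  # blank: with or without an item, Not has no effect
    if selection == NONE:
        # -None-: only ACEs with nothing set; with Not: only ACEs with something set
        return (value is not None) if negate else (value is None)
    if negate:
        # item + Not: an item is set, and it is a different one
        return value is not None and value != selection
    return value == selection        # item: exactly that item

def search(aces, right, item=ANY, inherited=ANY, inherited_not=False):
    """Return the ACEs a filter with these selections would include."""
    return [a for a in aces
            if a.right == right      # assumption: exact-match Matching Rule
            and dropdown_match(a.object_type, item)
            and dropdown_match(a.inherited_object, inherited, inherited_not)]

# Constructed sample ACEs (not taken from a real directory).
SAMPLE = [
    Ace("HelpDesk", "CreateChild", "Group", None),
    Ace("HelpDesk", "CreateChild", None, None),
    Ace("HR-Admins", "WriteProperty", "Manager", "User"),
    Ace("HR-Admins", "WriteProperty", None, "Computer"),
    Ace("Auditors", "WriteProperty", "Manager", None),
]

if __name__ == "__main__":
    for a in search(SAMPLE, "WriteProperty", inherited="User", inherited_not=True):
        print(a)
```

When reviewing delegation, the -None- selection is the quickest way to isolate the broad grants (Create All Child Objects, Write All Properties), since those ACEs carry no specific item.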