Today I’ve been experimenting with the security model. It seems both complex and powerful, with the downside that the online help seems to be only 25% populated in this area. Here’s what I’ve been able to work out:
Access Control lists (ACL) – every object (optionally) has an ACL which can control Browse, Read, Write, Delete, Change Owner and Change Permissions rights. A user can be associated with a given ACL by means of direct allocation or via allocation of a relevant Groups, Role or Profile.
Groups – A way of aggregating Users, other Groups, Roles or Profiles
Roles – an application-specific way of assigning rights to forms, views, lists, tabs, controls and actions – it seems this is the main way to customise the look and feel of Iceberg based on user login. Strangely you can only assign Users to a Role, not Groups.
Profiles – are associated with a specific object, and seem to be a way of controlling what lists of related objects a user can see when looking at a specific object form. What I can’t find is how you assign someone to a profile!