Saturday, November 9, 2019

D365/AX7 – How to Implement Security Policy – Context Type Role Name

Problem

There are several practical scenarios where we are asked to give users access to a form but allow them to view only a subset of records based on some conditions. At the same time, other users should be able to view the whole set of records.

Solution

To meet this requirement, we use a security policy.
A security policy can be created in three ways, depending on its context type:
· Context string: Use it if a context is used to determine whether the policy should be applied. Whenever it is required, this context string needs to be set by the application using the XDS::SetContext API.
· RoleName: Use it if the policy should be applied only for a user in a specific role that accesses the constrained tables.
· RoleProperty: Use it if the policy is to be applied only if the user is a member of any one of a set of roles that have the context string property set to the same value.

Let’s have a quick demonstration of how a security policy can be implemented using RoleName.
Consider an example where the logged-in employee should be able to view, on the vendor list page, only the vendor that is mapped to their employee record.



Step#1
Create an AOT query which returns the set of records which should be displayed to the user conditionally. For the above mentioned scenario, the query would look like below.




Step#2
Create a security role as below.




Step#3
Create a new security policy and set the properties as below.




Context Type: RoleName
Primary table: Select the table from the query as primary table to apply the record level security
Constraint Table: Set to ‘Yes’ if the Primary table should be used to restrict the records.
Operation: Select the operation which should be restricted on primary table using this security policy.
Query: Set the query you created in step 1.
Role Name: Set the role name as you created in step 2.

Build your model/project and synchronize the database (to make your role available on the security configuration form). The security policy is then set to be applied with the role.

Execution

Assign the role to the user and grant the privilege to the vendors list page. When the user logs in to the application, only the selected vendor is visible to the user.
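The result described above can be modelled outside the application. This is an added example, not code from the original post or from D365: it uses SQLite to show a RoleName policy acting as an extra filter on the primary table. The EmployeeVendorMap and UserRole tables, the role names and the sample rows are hypothetical stand-ins for the query and role created in steps 1 and 2.

```python
import sqlite3

# Constructed sample data. EmployeeVendorMap, UserRole and the role names are
# hypothetical; they stand in for the mapping and role built in steps 1 and 2.
SCHEMA = """
CREATE TABLE VendTable (AccountNum TEXT PRIMARY KEY, Name TEXT);
CREATE TABLE EmployeeVendorMap (UserId TEXT, AccountNum TEXT);
CREATE TABLE UserRole (UserId TEXT, RoleName TEXT);
INSERT INTO VendTable VALUES ('V001','Vendor A'),('V002','Vendor B'),('V003','Vendor C');
INSERT INTO EmployeeVendorMap VALUES ('alice','V002');
INSERT INTO UserRole VALUES ('alice','VendorSelfView'),('alice','VendorClerk'),
                            ('bob','VendorClerk'),('carol','VendorSelfView');
"""

# Model of the step 3 properties for a RoleName policy.
# query_filter stands in for the AOT query from step 1.
POLICY = {
    "role_name": "VendorSelfView",
    "primary_table": "VendTable",
    "query_filter": ("EXISTS (SELECT 1 FROM EmployeeVendorMap m "
                     "WHERE m.AccountNum = VendTable.AccountNum AND m.UserId = :user)"),
}

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def policy_applies(db, user):
    """RoleName context: the policy applies only if the user holds the named role."""
    row = db.execute("SELECT 1 FROM UserRole WHERE UserId = ? AND RoleName = ?",
                     (user, POLICY["role_name"])).fetchone()
    return row is not None

def visible_vendors(db, user):
    """Vendor accounts a select on the primary table returns for this user."""
    sql, params = f"SELECT AccountNum FROM {POLICY['primary_table']}", {}
    if policy_applies(db, user):
        # The filter is a fixed policy constant; the user id is bound, never concatenated.
        sql += " WHERE " + POLICY["query_filter"]
        params = {"user": user}
    return [r[0] for r in db.execute(sql + " ORDER BY AccountNum", params)]

if __name__ == "__main__":
    db = open_db()
    for user in ("alice", "bob", "carol"):
        print(user, visible_vendors(db, user))
```

In this model alice is restricted even though she also holds a second role, and carol, who holds the policy role but has no mapped vendor, sees no records at all. Both cases are worth testing after deploying the real policy.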



To check how to implement security policy using other context types, please check the blog.
