For a quick introduction to security policies, please check the blog post on How to Implement Security Policy – Context Type Role Name.
Problem
For some security requirements, a security policy with Context Type RoleProperty can be used when the policy should be applied only if the user is a member of any one of a set of roles that have the context string property set to the same value.
Solution
Let’s have a quick demonstration of how a security policy can be implemented using RoleProperty.
Consider an example where a logged-in employee should be able to view, on the vendor list page, only the vendor that is mapped to their employee record.
Step#1
Create an AOT query which returns the set of records which should be displayed to the user conditionally. For the above-mentioned scenario, the query would look like below.
Step#2
Create a new security policy and set the properties as below.
Context Type: RoleProperty
Context String: Any string value which can be used to configure the security policy using security configurations. In this case it is set to MY_WorkerVendors.
Primary table: Select the table from the query as the primary table on which to apply the record-level security.
Constraint Table: Set to ‘Yes’ if the Primary table should be used to restrict the records.
Operation: Select the operation which should be restricted on the primary table using this security policy.
Query: Set the query you created in step 1.
Build your model/project; the security policy is then ready to be applied with the role.
Execution
Create a user role and add the privilege to grant access to the vendor list page. Set the context string property on the role to MY_WorkerVendors.
The context string can be applied to multiple security roles.
When the user logs in to the application, only the selected vendor is viewable to the user.
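The role gating described above can be checked outside the application. The following Python model is an added example, not code from the original post or from the product: the role names, users and the worker column are constructed, and the list filter is a hypothetical stand-in for the AOT query from step 1.

```python
from dataclasses import dataclass

POLICY_CONTEXT = "MY_WorkerVendors"  # context string from the post

@dataclass(frozen=True)
class Role:
    name: str
    grants_vendor_list: bool
    context_string: str = ""  # empty means the property is not set

# Constructed data; the worker column is a hypothetical stand-in for the
# employee-to-vendor mapping that the AOT query in step 1 expresses.
VENDORS = [("V-001", "alice"), ("V-002", "bob"), ("V-003", "alice")]

ROLES = {
    "MyVendorViewer": Role("MyVendorViewer", True, POLICY_CONTEXT),
    "MyVendorClerk": Role("MyVendorClerk", True, POLICY_CONTEXT),
    "VendorAuditor": Role("VendorAuditor", True),  # no context string
    "TimesheetUser": Role("TimesheetUser", False),
}
ASSIGNMENTS = {
    "alice": ["MyVendorViewer"],
    "bob": ["MyVendorClerk", "VendorAuditor"],
    "carol": ["VendorAuditor"],
    "dave": ["TimesheetUser"],
}

def policy_applies(user):
    """RoleProperty: applied if ANY of the user's roles has the policy's context string."""
    return any(ROLES[r].context_string == POLICY_CONTEXT for r in ASSIGNMENTS[user])

def visible_vendors(user):
    """Vendor accounts the user would see on the vendor list page in this model."""
    roles = [ROLES[r] for r in ASSIGNMENTS[user]]
    if not any(r.grants_vendor_list for r in roles):
        return []  # no privilege for the page at all
    if policy_applies(user):
        return [acct for acct, worker in VENDORS if worker == user]
    return [acct for acct, _ in VENDORS]  # policy not applied: no filter

def unfiltered_users():
    """Review check: users who reach the vendor list without the policy applying."""
    return sorted(u for u in ASSIGNMENTS
                  if visible_vendors(u) and not policy_applies(u))
```

In this model carol reaches the vendor list only through a role that lacks the context string, so the policy does not filter her rows, while bob is filtered because one of his two roles carries it.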
To check how to implement security policy using other context types, please check the blog.