Row Level Security for m-Power Applications

 

Row Level Security is a highly flexible technique for controlling the records returned based on the application user. The following few steps demonstrate the technique.

Step 1: Create a security table and populate it with data. It may contain several records per user.

Note: You must enter the username in ALL UPPERCASE in the security table. This allows the end user to type their username in any case at run-time.

This example has fields Profile (10A), Relationship (2A), and Values (99A). Valid values for the Relationship field include:

EQ Equal to

GE Greater than or equal to

GT Greater than

LE Less than or equal to

LS Is in the list

LT Less than

NE Not equal to

NG Not greater than

NL Not less than

RG Is in the range

SW Starts with

Step 2: Create a retrieval (inquiry) application over the security table.


Here is the listing of all the fields used in the retrieval application. Sequence your application by the field containing user profile (USERNAME in this case). Please do not name the user field USER. That is a reserved Java field.

Select the Row Level Security template in the ‘Application Settings’ link from the ‘Application Menu’ screen. Click the Accept button to save your changes and compile your application. This template creates a Java object that can be defined as an external object and then used in other applications.

Step 3: Define the logic generated in Step 2 as an external object with the following attributes:

Object Type is “Java Method”

Class is “DD.IXXXXXs”

(where DD = Data Dictionary, XXXXX = application number of the inquiry created in Step 2)

Method is “getCondition”


Define one parameter which has attributes matching the key database field. This example uses the ‘Customer Number’ field (6,0).

Step 4: Create a servlet application (retrieval, graph, report, summary or maintainer application) that employs the row security logic. Use the external object defined in Step 3. Select template location *ADVRECSEC and map the field from the application to the object parameter.


After clicking the Accept button, the ‘External Object Review’ is displayed where you can validate the selected external object name, template location and the parameter mapping.

Step 5: Compile and execute the application with debug turned on to see how the WHERE clause of the SQL statement is affected. Ensure that you are authenticating the end user so that a user name can be retrieved by the Java program. Please see this document for mrc built-in security.

Please note: There are no case restrictions at run-time. The end user can type their username in any case they wish, and the security application will work as designed.
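How security-table rows like those in Step 1 can translate into the WHERE condition seen in Step 5, shown as an added Python/SQLite sketch and not m-Power's generated Java. Assumptions: the table name SECTABLE, the column name VALS, the CUSTOMER/CUSNO sample data, space-separated values for LS and RG, OR-ing a user's rows together, and returning no records for a user with no rows.

```python
import re
import sqlite3

# Relationship codes from the list above, mapped to SQL comparison operators.
COMPARE = {"EQ": "=", "NE": "<>", "GT": ">", "GE": ">=",
           "LT": "<", "LE": "<=", "NG": "<=", "NL": ">="}

def row_predicate(column, relationship, values):
    """Turn one security-table row into (sql_fragment, bound_params)."""
    # Assumption: multi-value fields (LS, RG) are space-separated.
    vals = [int(v) if v.isdecimal() else v for v in values.split()]
    if relationship in COMPARE and len(vals) == 1:
        return f"{column} {COMPARE[relationship]} ?", vals
    if relationship == "LS" and vals:
        return f"{column} IN ({', '.join('?' * len(vals))})", vals
    if relationship == "RG" and len(vals) == 2:
        return f"{column} BETWEEN ? AND ?", vals
    if relationship == "SW" and len(vals) == 1:
        prefix = re.sub(r"([\\%_])", r"\\\1", str(vals[0]))  # escape LIKE wildcards
        return f"{column} LIKE ? ESCAPE '\\'", [prefix + "%"]
    raise ValueError(f"bad security row: {relationship!r} {values!r}")

def get_condition(conn, username, column):
    """Build the WHERE fragment for one user over one key column."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", column):
        raise ValueError("column must be a plain identifier")
    rows = conn.execute(
        "SELECT RELATIONSHIP, VALS FROM SECTABLE WHERE USERNAME = ?",
        (username.upper(),)).fetchall()  # table stores usernames in upper case
    if not rows:
        return "1 = 0", []  # this sketch's choice: no rows means no records
    frags, params = [], []
    for rel, values in rows:
        sql, bound = row_predicate(column, rel, values)
        frags.append(f"({sql})")
        params += bound
    return " OR ".join(frags), params  # assumption: a user's rows are OR-ed

def demo():
    """Constructed sample data: JSMITH may see customers 100-199 and 500."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE SECTABLE (USERNAME TEXT, RELATIONSHIP TEXT, VALS TEXT);
        INSERT INTO SECTABLE VALUES ('JSMITH','RG','100 199'), ('JSMITH','EQ','500');
        CREATE TABLE CUSTOMER (CUSNO INTEGER, NAME TEXT);
        INSERT INTO CUSTOMER VALUES (100,'A'), (150,'B'), (200,'C'), (500,'D');
    """)
    where, params = get_condition(conn, "jsmith", "CUSNO")
    sql = f"SELECT CUSNO FROM CUSTOMER WHERE {where} ORDER BY CUSNO"
    return [row[0] for row in conn.execute(sql, params)]
```

The values from the security table are always bound as parameters; only the validated column name is placed into the SQL text.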