mrc Documentation
michaels, ross & cole, ltd.
http://www.mrc-productivity.com/

 

 

Secure by User or Session ID

 

 

After you have implemented Sign on Security, (Web 1.0 see here, Web 2.0 see here) you may want to control who can see which records. For instance, if I have a order history table for five customers, each customer should only be able to see their own records. Rather than making five separate applications, we can create one and implement security on it.

 

Of course, in all cases we can utilize Advanced Record Level Security (learn more about this here), however if the user’s USERNAME (or Session ID) is listed in the table, we can utilize a feature of our servlets called “Secure By.” When active, the User Name field (specified by being the first key field within your application), is compared in the SQL statement to your login. Only matching records will be shown.

 

To set up, only a few things need to be in place.

 

1)      Your first sequence key must be the UserName or Session ID field.

2)      You must be utilizing the mrc built in Sign-on logic (mrcSignon or mrcSignon2)

3)      You must activate the Secure By Feature. To do this, please see the following information

a.       Compile your application as you normally would, (be sure to have the first sequence, sequence by the USERNAME field)

b.      Next, go into Application Properties, and click the “SQL tab”

c.      

d.      Click Save.

 

Here is a screenshot before Secure By security was implemented:

 

And here is the after shot:

 

 

Since I logged on as HURCKES, I can only see ‘Hurckes’ records. Further, if I turn on debug, you can see the SQL statement that was generated:

 

The “WHERE T01.”USER”=’HURCKES’ was added because the Secure By function was implemented.

Note: The end user has no way to modify this SQL statement.

 

Other Notes: