mrc Documentation
michaels, ross & cole, ltd.
http://www.mrc-productivity.com/

 

 

Setting up mrc Application Security (to control user access)

 

Many times you will want to specify that only a certain group of users can access an application. Perhaps it is a confidential application (HR, Payroll, Executive data) that needs restriction, or one that can alter data (such as a maintenance application). Our Menuing System helps (most users won’t access options they don’t know about), but a user who stumbled upon a page or knew the URL could still access the application.

 

But not anymore. Our new security feature, mrc Application Security, now limits who can access which application. The best part of the feature is that it builds upon what you have already done for your Menuing System. (If you have not set that up, please review the Menuing System documentation here.)

 

For this document, I will assume you already have a healthy list of Users, Applications, and Roles defined for your Data Dictionary. Next, all you have to do is click the Data Dictionary Tab -> Application Menu and Security -> Manage Application Security.

 

Click the “Add” button. Specify a Role, Application Type, and Application Number.

 

Note: The Roles should match the Roles that have been pre-defined in the Menuing System.

 

When completed, your screen may look something like this:

 

In the meantime, we have created some new objects on your IFS, including MrcAppSecurity.java and MrcAppSecurity.class. Although these files are built in, they are fully customizable. If you would like to customize your security to work in combination with your own Java or RPG code, you can modify the MrcAppSecurity.java object. If you decide to do this, make sure you compile this Java object.

 

Lastly, while everything has been put in place, you must still implement the Application Security. Once you do this, the only applications that will be accessible are the ones listed in the table above. To implement, simply click “Enable Application Security” under the Data Dictionary Tab -> “Application and Security Menu” link.

 

 

At runtime, if an application is included in the list above, ONLY the users assigned to the specific role will be able to access the given application.

If a user is not assigned, the application cannot, and will not, display output to the user.

 

Other important information to consider:

 

  1. For this feature to work, once you have taken an update dated May 5th, 2008 or later, you must recompile any application you wish to use with this security feature. Overwriting the Presentation Layer and Application Properties File is not necessary.

  2. Just like the built-in sign on logic, the built-in Application-Level Security is session-based. That means that every time you log on, the browser can remember who you signed on as, just as it will remember what applications you are allowed to access.
    1. If you have Application-Level Security enabled, and you generate an application and try to run it before adding it to the Application Security Menu, you will be told that you do not have access to that application.
    2. Once you add the application and attempt to reload it, you will still not be allowed to run the application unless you open a new browser or Tomcat is restarted.
    3. For this reason, mrc recommends that you utilize Application-Level Security only in production environments, where it is truly needed.
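
The session-based behaviour described above can be modelled in a few lines. This is an added illustration, not mrc's MrcAppSecurity code: the class and method names, the "type:number" keys and the sample users and roles are all constructed, and it assumes the list of allowed applications is copied into the session at sign-on.

```java
import java.util.*;

// Added illustration; not mrc's MrcAppSecurity code. All names are hypothetical.
public class SessionAccessModel {
    // Server-side table (the Manage Application Security list):
    // "applicationType:applicationNumber" -> roles allowed to run it.
    static final Map<String, Set<String>> appRoles = new HashMap<>();

    // Constructed sample user-to-role assignments.
    static final Map<String, Set<String>> userRoles =
        Map.of("alice", Set.of("HR"), "bob", Set.of("SALES"));

    // Assumption: a session snapshots the user's allowed applications at sign-on.
    static final class Session {
        final String user;
        final Set<String> allowedApps = new HashSet<>();

        Session(String user) {
            this.user = user;
            Set<String> roles = userRoles.getOrDefault(user, Set.of());
            for (Map.Entry<String, Set<String>> e : appRoles.entrySet()) {
                // The user needs at least one role assigned to the application.
                if (!Collections.disjoint(e.getValue(), roles)) {
                    allowedApps.add(e.getKey());
                }
            }
        }

        // Deny by default: with security enabled, anything not in the
        // session's snapshot is refused, including unlisted applications.
        boolean canRun(String app) {
            return allowedApps.contains(app);
        }
    }

    public static void main(String[] args) {
        appRoles.put("I:00010", Set.of("HR"));           // listed before sign-on
        Session first = new Session("alice");
        System.out.println("listed app, matching role:  " + first.canRun("I:00010"));
        System.out.println("app not yet listed:         " + first.canRun("M:00020"));

        appRoles.put("M:00020", Set.of("HR"));           // added after sign-on
        System.out.println("same session after the add: " + first.canRun("M:00020"));

        Session second = new Session("alice");           // new browser, new session
        System.out.println("new session after the add:  " + second.canRun("M:00020"));
        System.out.println("user without the role:      " + new Session("bob").canRun("I:00010"));
    }
}
```

The same snapshot applies in the other direction in this model: a session created before a role is removed keeps its old list until it ends, which is worth confirming against your own installation after any permission change.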