Row Level Security for m-Power Applications
Row Level Security is a highly flexible technique for controlling which records are returned based on the current user. The following few steps demonstrate the technique.
Create a security table and populate it with data. It may contain several records per user.
Note: You must enter the username in ALL UPPERCASE. Doing this will allow for the end user to be non-case specific at run-time.
This example has fields Profile (10A), Relationship (2A), and Values (99A). Valid values for the Relationship field include:
- EQ Equal to
- GE Greater than or equal to
- GT Greater than
- LE Less than or equal to
- LS Is in the list
- LT Less than
- NE Not equal to
- NG Not greater than
- NL Not less than
- RG Is in the range
- SW Starts with
Create a retrieval over this security table.
Here is the listing of all the fields used in the retrieval application. Sequence your application by the field containing user profile (USERNAME in this case). Please do not name the user field USER. That is a reserved Java field.
Select the Row Level Security template in the ‘Application Settings’ link from the ‘Application Menu’ screen. Click the Accept button to save your changes and compile your application. This specific template tells m-Power that this application contains security credential information. Further, by selecting this template, you allow future applications to apply this security via the Record Selections Screen.
In this brief video I will show you how to apply Row Level security to your applications.
Row level security is a great feature that allows you to specify what records your users can access based on their login credentials. This gives you great control over who can access the records and what records they can access.
Once the security table and the Row Level Security retrieval have been created, you are ready to apply the Row Level security to your application.
As you can see, I have a report listing all the customers; there are over two hundred records listing customers from many different States and regions. I am assigned to work only with customers from the Midwest, which includes these four states: OH, IL, IA, and IN. There is no need for me to see records of customers from other states.
In the security retrieval I had filtered that my user “Zarate” should only be able to access the records where the State is equal to any of these: OH, IL, IA, and IN.
After compiling your application, click Record Selections. From the Field drop down, select the field that you want to control. In my case the field is the Customer state.
From the Selections drop down, select the Row Level Security. From the Values drop down, select the retrieval containing the users and filters for this application. In my case the retrieval 20 contains the filters of what records I can access depending on the user.
Recompile the application without overriding the HTML or Properties. Now, when I run the application I am only allowed to access those records that match my filter on the retrieval.
The above video explains how to integrate the security retrieval we created above with each application you wish to secure.
For users unable to watch the video, you need to go into the application that will be secured. In our case, lets assume it is a Report. Go into Record Selections, and select "Row Level Security" from the "Relation" drop-down. Next, in the value drop-down, you will see a list of all Row Level Security retrievals that have been built in this dictionary. Select the appropriate one and compile. (There is no need to overwrite the HTML).
Editor's Note: When creating the Row Level Security template, please ensure that the 3rd column listed in the column you wish to secure against.