m-Power Manual


Secure by User or Session ID

 

After you have implemented Sign on Security (see here), you may want to control who can see which records. For instance, if I have an order history table for five customers, each customer should only be able to see their own records. Rather than making five separate applications, we can create one and implement security on it.

Of course, in all cases we can use Row Level Security (learn more about this here). However, if the user's USERNAME (or Session ID) is stored in the table, we can use a feature of our servlets called "Secure By". When it is active, the User Name field (identified as the first key field within your application) is compared in the SQL statement to your login, and only matching records are shown.

To set up, only a few things need to be in place.

  1. The first field listed in Field Settings must be the UserName or Session ID field.
  2. You must be using the mrc built-in Sign-on logic (mrcSignon2).
  3. You must activate the Secure By feature. To do this:
      1. Compile your application as you normally would (making sure to first sequence by the USERNAME field).
      2. Next, go into Application Properties, and click the "SQL Statement" tab.
      3. Then, find the "Secure Application by" option, and choose "User Name".
      4. Click Save.

Here is a screenshot before Secure By security was implemented:

And here is the after shot:

Since I logged on as HURCKES, I can only see "Hurckes" records. Further, if I turn on debug, you can see the SQL statement that was generated:

The clause WHERE T01."USER"='HURCKES' was added because the Secure By function was implemented.

Note: The end user has no way to modify this SQL statement.

Other Notes:

  • The same functionality is available for Session IDs. A session ID is a 40-character field given from your browser that serves as a unique identifier and can be very useful when tracking users between multiple screens. An example can be seen in this post on our Tech Blog regarding creating Shopping Carts, found here.
  • Secure By is case sensitive. If I log in with a lowercase name but the data is uppercase, it will not find any matches. The recommended solution in this case is to either use JavaScript on your Sign on page or use Row Level Security.
  • In my example, my USERNAME field happened to be "USER". In your applications, the field can have any name so long as it is the first key field.
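
The following added example (not m-Power's own code or generated output) models the Secure By behaviour described above using Python's sqlite3: the user predicate is built server-side from the signed-on name, end-user criteria can only narrow it, and a case mismatch returns no rows. The table name orders, the order_no and item columns, and the helper names are assumptions; normalize_login only shows the effect of matching case and stands in for the JavaScript or Row Level Security options recommended above.

```python
import sqlite3

# Constructed sample data; the table name and non-USER columns are assumptions.
ROWS = [("HURCKES", 1001, "Widget"), ("HURCKES", 1002, "Gasket"),
        ("SMITH", 1003, "Widget"), ("JONES", 1004, "Valve")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE orders ("USER" TEXT, order_no INTEGER, item TEXT)')
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)", ROWS)
    return db

def fetch_orders(db, session_user, item_filter=None):
    """Rows visible to the signed-on user.

    session_user must come from the server-side session created at sign-on,
    never from a request parameter; item_filter stands for end-user input.
    """
    sql = ('SELECT T01."USER", T01.order_no, T01.item '
           'FROM orders T01 WHERE T01."USER" = ?')
    params = [session_user]
    if item_filter is not None:
        # End-user criteria are ANDed on and bound as parameters, so they
        # can narrow the result set but never widen it past the user predicate.
        sql += " AND T01.item = ?"
        params.append(item_filter)
    return db.execute(sql + " ORDER BY T01.order_no", params).fetchall()

def normalize_login(name):
    # Assumes stored user names are uppercase, as in the page's HURCKES data.
    return name.strip().upper()

if __name__ == "__main__":
    db = make_db()
    print(fetch_orders(db, "HURCKES"))                   # two HURCKES rows
    print(fetch_orders(db, "hurckes"))                   # case mismatch: no rows
    print(fetch_orders(db, normalize_login("hurckes")))  # two HURCKES rows
```
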

 

Created: May 29, 2008 | Modified: June 12, 2017

michaels, ross & cole, ltd. (mrc)

Privacy Policy Cookie Policy Cookie Settings Notice at Collection Do Not Sell or Share My Personal Information

mrc (US)

2001 Midwest Road
Suite 310
Oak Brook, IL 60523
630-916-0662

mrc (UK)

Mortlake Business Centre
20 Mortlake High Street
London, SW14 8JN
+44-20-335-59566


© 2024 mrc. All rights reserved.