mrc logo mrc logo
  • m-Power m-Power
    What is m-Power?
    Overview Demos Build Process Case Studies Specs Pricing Trial
    m-Power Resources
    Overview How-To Videos Webinars & Podcasts White Papers Fact Sheets
  • Solutions Solutions
    What does m-Power build?
    Overview Database Front-Ends Reporting CRM Systems Business Intelligence Dashboards Inventory Management Mobile Apps ERP Enhancements Modernization Spreadsheets to the web MS Access to the web B2B/Web Portals Scheduling Embedded Analytics Web Forms Workflow Data Exploration Budgeting & Forecasting APIs and Web Services Db2 Web Query Alternative
    Solutions by Industry
    Overview Manufacturing Government Foodservice Software Vendors Logistics & Supply Chain Software Consultants Healthcare
  • Services Services
    Development Services Training Mentoring
  • About About
    Overview Partners Press Releases Careers Events Contact Blog
  • Support Support
    Support Home FAQ Documentation Customer Portal Enhancements Updates Roadmap Techblog
Try m-Power

m-Power Manual

Browse:

  • Home
  • Security
  • Locking Down your Applications
Back to Manual

Locking Down your Applications

 

In May of 2017, the Application Security feature was enhanced. Developers now have an additional option when securing applications. Option 1, Locking down an entire dictionary, and allowing only certain applications to be accessible, is the traditional method and is explained here. Option 2, allows all applications in a dictionary to be accessible, except for the ones listed. Listed applications are only accessible to the assigned roles. More information can be found here.

As a visual example, see the screenshot below:


In option 1, traditional security, users of the role admin could run I20. Sales users could only run R10. Any user that belonged to another role would be locked out of every other application in the dictionary. Further, even admin or sales role users would be restricted from anything other than their listed app.

By contrast, Opt-in security works differently. In the screenshot above as reference, all applications in the dictionary could be run by all users except those listed here. In these cases, admin users could only run I20, and sales users could only run R10. However, all other applications are available to all users.

Option 1 — Traditional

Many times you will want to specify that only a certain group of users can access an application. Perhaps it is a confidential (HR, Payroll, Executive data) application that needs restriction or one that can alter data (such as maintenance applications). Our Menuing System helps (most users won't access options they don't know about), but if a user were to stumble upon a page or know the URL, they could still be able to access the application.

But not anymore. One of our security features, called Application Security, limits who can access what application. The best part of the feature is that it builds upon what you have already done for your Menuing System (If not, please review the Menuing System documentation here).

For this document, I will assume you already have a healthy list of Users, Applications, and Roles defined for your Data Dictionary. Next, all you have to do is click "Admin Menu" –>
"Application Menu and Security" –> "Manage Application Security."

Click the "Add" button. Specify a Role, Application Type, and Application Number.

Note: The Roles should match the Roles that are already defined in the Menuing System.

When completed, your screen may look something like this:

In the mean time, we have created some new objects in your Data Dictionary Folder, including MrcAppSecurity.java and MrcAppSecurity.class. Although these files have been built in, they are fully customizable. If you would like to customize your security to work in combination with your own JAVA or RPG code, you are able to fully modify the MrcAppSecurity.java object. If you decide to do this, make sure you compile this JAVA object.

Lastly, while everything has been put in place, you must implement the Application Security. Once you do this, the only applications that will be accessible are the ones listed in the table above. To implement, simply click the "Enable Application Security" from "Admin Menu" –> "Application Menu and Security" button.

At runtime, if an application is included in the list above, ONLY the users assigned to the specific role will be able to access the given application.

If a user is not assigned, the application can not, and will not, display output to the user.

Other important information to consider:

  1. For this feature to work, you must recompile any application you wish to use for this security feature once you have taken an update dated May 5th, 2008 or later. Overwriting the Presentation Layer and Application Properties File is not necessary.
  2. Just like the built-in sign on logic, the built-in Application-Level Security is session-based. That means that every time you log on, the browser can remember who you signed on as, just as it will remember what applications you are allowed to access.
  3. If you have Application-Level Security enabled, and generate an application and try to run it prior to loading it to the Application Security Menu, you will be told that you do not have access to that application.
  4. Once you add the application and attempt to reload it, you will still not be allowed to run the application, unless you open a new browser or if Tomcat is restarted.
  5. For this reason, mrc recommends that you utilize Application Level Security only in production environments, where it is truly needed.

Option 2 — Application Opt-In

If you have an existing Application Security in your Dictionary, navigate to /mrcjava/WEB-INF/classes/DATADICTIONARY/ and delete the mrcAppSecurity.java and mrcAppSecurity.class files, as these files need to be updated to include the latest features.

Next, head to Admin -> Edit Dictionary Files -> Servlet Properties. At the end of the list, look for a property named "Application Security Mode." Change this value to "Opt In Applications." Be sure to Save.

Head back to your Security screen, via Admin -> Application Menu & Security -> Manage Application Security. Notice the text that says "Secure only opted-in applications."

Now, all applications will be accessible except any that are listed. Any that are listed will only be accessible to the roles that are listed.

Created: May 5, 2008 | Modified: May 10, 2017

Search


Browse By Category

Build Process (13)
Starting with m-Power (8)
Retrievals (10)
Reports (15)
Summaries (4)
Maintainers (17)
Graphs (8)
m-Power Data Explorer (4)
General (24)
Calculations (5)
Utilities (9)
m-Power Administration (23)
Security (11)
Freemarker (6)
m-Painter (29)
Form Validation (5)
External Objects & UDFs (12)
Deprecated Documentation (23)
Bootstrap Templates (7)

Popular Tags

DB2 Excel m-Painter Prompt Screens Advanced Summaries External Objects Performance Parameters Retrieval Retrievals Build Process Bootstrap Templates RPG Tomcat Report Dates Maintainer Bar Graphs Data Dictionary Form Validation Production Email Administration Video Reports Getting Started Compiling Application Properties Graph Properties Record Selections SQL Graphs Graphing Dropdowns Admin Security Database App Properties Java Freemarker mrc-Productivity Series Popular Maintainers Calculations

See all tags »

michaels, ross & cole, ltd. (mrc)

Privacy Policy Cookie Policy Cookie Settings Notice at Collection Do Not Sell or Share My Personal Information

mrc (US)

2001 Midwest Road
Suite 310
Oak Brook, IL 60523
630-916-0662

mrc (UK)

Mortlake Business Centre
20 Mortlake High Street
London, SW14 8JN
+44-20-335-59566


© 2024 mrc. All rights reserved.