Data Authorization - Column
- 10 Feb 2022
- 5 Minutes to read
- Contributors
- Print
- DarkLight
Data Authorization - Column
- Updated on 10 Feb 2022
- 5 Minutes to read
- Contributors
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback!
Data authorization – Column
Authorization on this level will hereafter be referred to as a column authorization rule.
The previous chapter dealt with setting authorization on column level for a specific table (table authorization rule). Such a rule is only applicable for the columns that reside in that specific table.
This chapter is also about authorization on column level but when a table authorization rule works on columns in a specific table, a column authorization rule applies to a column even if it is part of several tables i.e. to all those columns. That is the crucial distinction between a table- and a column
All authorization settings defined in a column authorization rule will override input/output settings done in portlets!
Selecting the data authorization (column) task will take you to the data authorization (column) main portlet as below.
Figure 209 Data authorization (column) main portlet
Table 129 Data authorization (column) main portlet fields
Realm | Name of the Realm |
Type | Either “User” or “Group”. The table authorization rule is defined for either a user or a user group. |
User/Group | Name of the user or group to which the table authorization rule applies. |
Meta data id | Name of the Meta data id to which the table authorization rule applies. |
Column | Name of the specific column to which the column authorization rule applies. |
Accessibility | Type of accessibility to the column: 0 – Unspecified – This means that the user/user group will have access to the column in the way that it is defined for the portlet(s) (input or output) i.e. nothing is overridden by the column authorization rule. 1- View – This means that the user/user group will have column view (output only) rights. 2 – No Access – This means that the user/user group not will be able to see the column (neither input nor output). |
Table 130 Possible data authorization (column) main portlet button options
| Refreshes the view |
| Closes the task |
Create column authorization rule – By example
In this example the user group “P-ADMIN” will be set to have “No access” to the column “AggregateQuantity” which is part of the MetaDataId “CAAPPS” if the AggregateQuantity is in between the range of 400 to 600.
Should the rule evaluate true then the column will not be visible to anyone in the user group P-ADMIN regardless of which table(s) the column resides in (as long as the column(s) is part of the CAAPPS MetaDataId).
To create a column authorization rule then right click and choose create as in Figure 210.
Figure 210 Right click – Create column authorization rule
This will take you to the view below:
Figure 211 Column authorization rule create view I
Complete the form:
Realm – Choose the realm to which the rule should apply (here “TEST”)
Type – Choose if the column authorization rule should apply to a single user or a user group (here “User group”).
User/Group - Specify user/user group to which the rule should apply. Prompt with F4 to get a list of all possible users/user groups (here “P-ADMIN” user group).
Meta data Id – Choose the Meta data Id in which the column resides (here “CAAPPS”).
Column - Find the desired column by prompting with F4 (here “AggregateQuantity”).
Accessibility – Specify the desired accessibility level for the column:
0 – Unspecified – This means that the user/user group will have access to the column in the way that it is defined for the portlet(s) (input or output) i.e. nothing is overridden by the column authorization rule.
1- View – This means that the user/user group will have column view (output only) rights.
2 – No Access – This means that the user/user group not will be able to see the column (neither input nor output).
Click the create button and the rule will be created (se button options below)!
Table 131 Create column authorization rule button options
| Refreshes the view |
| Cancels the creation of the column authorization rule and returns to the previous view |
| Confirms creation of the column authorization rule and returns to the previous view |
With the choices made in this scenario the view will look like below:
Figure 212 Column authorization rule create view II
Add a criterion for this column authorization rule by right clicking in the lower segment and choosing “Insert” as in Figure 212
Specify as in Figure 213
Figure 213 Column authorization rule create view III
This means that the rule we are creating only will be applied if “AggregateQuantity” is between 400 and 600. In all other cases the column authorization rule will be disregarded!
Click “Update” and the created rule is updated!
Table 132 Update (in creation time) column authorization rule button options
| Refreshes the view |
| Cancels the update of the created column authorization rule and returns to the previous view |
| Confirms update of the created column authorization rule and returns to the previous view |
The rule we have just created will only apply if the value of the “AggregateQuantity” column is in between 400 and 600. Should that evaluate true then the user group “P-ADMIN” will not be able to have any access whatsoever (input or output) to the AggregateQuantity column regardless of which tables it resides in (one or more) as long as the column(s) are part of the “CAAPPS” MetaDataId.
Update column authorization rule
To update a column authorization rule right click the rule and choose Update as below (a row click will have the same effect).
Figure 214 Right click – Update column authorization rule
This will take you to the column authorization rule update view.
Figure 215 Update table authorization rule portlet details
Updates to the rule are done in exactly the same way as defined in chapter 4.7.1.1 starting on page 164!
Delete column authorization rule
To delete a column authorization rule right click the rule and choose Delete as below.
Figure 216 Right click – Delete column authorization rule
This will take you to the table authorization rule delete view.
Figure 217 Delete column authorization rule portlet details
Table 133 Delete column authorization rule button options
| Refreshes the view |
| Cancels deletion of the column authorization rule and goes back to the previous view |
| Confirms deletion of the column authorization rule and returns to the previous view |
View column authorization rule
To view a column authorization rule right click the rule and choose View as below.
Figure 218 Right click – View column authorization rule
This will take you to a non editable column authorization rule view.
Figure 219 View table authorization rule portlet details
Table 134 View column authorization rule button options
| Refreshes the view |
| Goes back to the previous view. |
Was this article helpful?