Data Authorization - Table

Data Authorization - Table

This text will deal with how to set authorization on the level of columns in a specific table. An authorization definition on this level will be referred to as a table authorization rule. A rule of this kind will apply to columns for a specific table in contrast to a column authorization rule (as dealt with in Data Authorization - Column) that will apply to a column regardless of which table it resides in.

All authorization settings defined in a table authorization rule will override input/output settings done in portlets!

Selecting the data authorization (table) task will take you to the data authorization (table) main portlet as below.

Figure 195 Data authorization (Table) main portlet

Right clicking in the table data authorization main portlet will give you all possible user administration actions; create, update, delete and view.

Figure 196 Possible table data authorization administrative actions

Table 123 Data authorization (table) main portlet fields

Table 124 Possible data authorization (table) main portlet button options

Create table authorization rule – By example

In this example the user “MyUser” will be set to have “No access” to the column “PurchasePrice” located in the table “ItemMaster” (which is part of the MetaDataId “CAAPPS”) if the PurchasePrice is equal to 600 or greater than 1000.

1. To create a table authorization rule then right click and choose create as in Figure 196.

This will take you to the view below:

Figure 197 Table authorization rule create view I

Complete the form:

Realm – Choose the realm to which the rule should apply (here “TEST”)

Type – Choose if the table authorization rule should apply to a single user or a user group (here “User”).

User/Group - Specify user/user group to which the rule should apply. Prompt with F4 to get a list of all possible users/user groups (here “MyUser”).

Meta data Id – Choose the Meta data Id in which the table resides (here “CAAPPS”).

Table - Find the desired table by prompting with F4 (here “ItemMaster”).

Click the create button and the rule will be created (se button options below)!

Table 125 Create table authorization rule button options

With the choices made in this scenario the view will look like below:

Figure 198 Table authorization rule create view II

Add a criterion for this table authorization rule by right clicking in the mid segment and choose “Insert” as in Figure 198.

Specify as in Figure 199.

Figure 199 Table authorization rule create view III

Once again click in the mid segment but this time choose “Add” (this will add a second criteria).

Specify as in Figure 200.

Figure 200 Table authorization rule create view IV

This means that the rule we are creating only will be applied if PurchasePrice is equal to 600 or greater than 1000. In all other cases the table authorization rule will be disregarded!

In the bottom segment set the “PurchasePrice” column to “No access”.

0 – Unspecified – This means that the user/user group will have access to the column in the way that it is defined for the portlet(s) (input or output) i.e. nothing is overridden by the table authorization rule.

1- View – This means that the user/user group will have column view (output only) rights.

2 – No Access – This means that the user/user group not will be able to see the column (neither input nor output).

With all of this specified the view should look like in Figure 201.

Figure 201 Table authorization rule create view V

Click “Update” and the created rule is updated

Table 126 Update (in creation time) table authorization rule button options

The rule we have just created will only apply if the “PurchasePrice” column is equal to 600 or greater than 1000. Should that evaluate true then the user “MyUser” will not be able to have any access whatsoever (input or output) to the specific column PurchasePrice. Because all other columns are set to “Unspecified” the user will have access to the columns as defined in the portlet(s).

Update table authorization rule

To update a table authorization rule right click the rule and choose Update as below (a row click will have the same effect).

Figure 202 Right click - Update table authorization rule

This will take you to the table authorization rule update view.

Figure 203 Update table authorization rule portlet details

Updates to the rule are done in exactly the same way as defined in chapter 4.6.1.1 starting on page 155!

Delete table authorization rule

To delete a table authorization rule right click the rule and choose Delete as below

Figure 204 Right click - Delete table authorization rule

This will take you to the table authorization rule delete view.

Figure 205 Delete table authorization rule portlet details

Table 127 Delete table authorization rule button options

View table authorization rule

To view a table authorization rule right click the rule and choose View as below.

Figure 206 Right click - View table authorization rule

This will take you to a non editable table authorization rule view.

Figure 207 View table authorization rule portlet details

Table 128 View table authorization rule button options