Report Writer Security
From PxPlus
A number of new security related features have been added to the Views and Report Writer sub-systems in PxPlus.
Contents |
Security Overview
The new security options are, for the most part, based on the standard ProvideX Nomads Security (see http://docs.pvxplus.com/PVXNOMADS.pdf#page=250). They allow you to control which group of user can access and edit Views and Reports. In addition data files and the fields within the data files can be controlled using the security system.
Core Data file Security
The Data Dictionary security setting that on prior releases were only enforced by the ODBC driver have been extended to work with the Views and Report Writer. The security rules set in the Data Dictionary will be applied regardless as to whether the file was accessed by Table name of physical file pathname.
To set data security, call up the Data Dictionary Maintenance utility, select the Table and Field, then click on the ODBC tab in the lower right.
Field Level Security
Click to enlarge
Users that have View or Full access to a file field can add the field to a View or Report. Should the View/Report be run by a user without at least View access to a field, the value in the field will be zero (0) if numeric or blank if a string.
In addition the standard Nomads security system the ODBC security options of hiding the field or the field contents will also apply to data fields.
File Level Security
In order to provide File Level security, no file may be opened by the Views or Report Writer subsytem by a user that does not have at least 'view' access rights to all fields in the primary key of a file.
To prevent access to a file simply restrict access to any field in the primary key will restrict access to the file.
Report Writer Security
The Report Writer had a number of new options added to it in order to provide for security. A menu item was added to the report writer that allows the designer to control who may run a report and change the report definition.
Report Security
Based on the security selected, users which belong to a group with 'Full' access may edit a report layout, those who belong to a group with 'View' access may run a report. Those with neither cannot edit or run a report.
The security setting are saved on the report definition and can only be changed by someone with Full access to the report. If no security setting is present, the report can be run/editted by anyone.
Input Source Security
It is also possible to restrict the types of input data sources that can be used by the Report Writer by setting the system global variable %RW_SUPPRESS$.
This variable must consist of a series of characters to indicate what type of input data to suppress within the Report designer.
| Chr. | Type of Input source suppressed | "F" | Physical Files | "T" | Tables from the Data Dictionary | "D" | External Databases | "O" | Data Objects | "V" | ProvideX/PxPlus Views |
|---|
By default %RW_SUPPRESS$ is null, therefore any input data source may be used to create a report. To disable any type of input source the application merely has to add the corresponding character to %RW_SUPPRESS$. For example:
%RW_SUPPRESS$="TF" ! Disable input from Physical files or Tables
Field Security
When defining reports from physical files or tables, file and field level security is checked. Fields for which the user does not have any access rights can not be used within a report.
Reports that access secured fields by users that don't have at least view access to data fields, will report a null string or zero (number/string).
Views/Data Sources
The Views Maintenance subsystem has also been enhanced to adhere to the Data Dictionary security settings and the View definitions themselves can also be secured.
When a View is secured, it can be used by any user whose group has 'view' access and edited by users that have 'full' rights.
File and field level security also controls the data that will be returned by a View. Fields for which the user has no rights will always return no data or zero.
