Embedded Files
The following is an example of securing Fields and Operations using a User Authorization Operation and the "WOW_TRUE" feature. This option is useful when there are requirements for securing fields or operations based on other values within the operation. This example will describe the procedure to hide a tab in a Tabbed operation based on a value in the Tab Parent row.
For this example, we'll be using a table called PJDATA.EMPLOYEE; this table contains sample data related to employees (Names, Contact Information, Employee information). We will also use a table called PJDATA.DEPARTMENT which contains information about the Work Department of the Employee.
In this example, the Tab Operation will contain the following SQL:
SELECT '' AS D_DEPT, '' AS D_DEPTEMP, '' AS D_ALLEMP, e.* FROM pjdata.employee e [[ WHERE job = ? ]]
The 3 Derived fields are being selected to attach Association Operations to. They will be what will render as tabs in the Tab Operation. The Operation inside the WOW Builder looks something like this:
The Operation Type is set up to Tabbed and the SQL is entered. Now 3 Association Operations must be created to set up on the Derived fields (D_DEPT, D_DEPTEMP, D_ALLEMP) so they will show up as tabs and be available for users to access.
The following code will be used to set up the 3 Association Operations:
Department Information: SELECT * FROM pjdata.department WHERE deptno = ??workdept
Department Employees: SELECT * FROM pjdata.employee WHERE workdept = ??workdept
All Employees: SELECT * FROM pjdata.employee
Each of these operations should be set up to be an Association, so the Operation Type should be either Association 1-1 or Association 1-Many, depending on how many rows are expected as a result. In the above case, Department Information is an Association 1-1 and the other operations are 1-Many.
Now, in this example, the Tabs for Department Employees and All Employees should not be available when looking at any employee in the Tab operation. The only time the user should be allowed to see the Department Employees tab is if the selected Employee is has a Job value of 'MANAGER'. Similarly, the only time the user should be allowed to see the All Employees tab is if the selected Employee has a Job value of 'PRES'. To achieve this by only using a WOW based solution the use of the "WOW_TRUE" functionality of the User Authorization Operation is the best method.
The next step will be to set up 2 User Authorization Operations. These operations will be set up on the Association operations to restrict access to those tabs based upon the rows selected.
The following code will be used to set up the 2 User Authorization Operations:
MANAGER Only: SELECT 'WOW_TRUE' FROM pjdata.employee WHERE ??!JOB = 'MANAGER'
PRES Only: SELECT 'WOW_TRUE' FROM pjdata.employee WHERE ??!JOB = 'PRES'
Notice in the above SQL, we only select a derived value of 'WOW_TRUE'. This string is used within the WOW code to allow for access to the operation or field if a resulting row is returned from the SQL query. In other words, if the JOB field in the Tab Parent row has a value of MANAGER, any operation or field secured by the MANAGER Only operation will display or allow editing. Also notice the ??!JOB parameter that is being used in the SQL, this is called a Global Parameter. Find out more about Global Parameters in the Builders Guide HERE.
Once the User Authorization Operations are set up, they need to be set up on the proper operations. The Department Employees Association Operation should be assigned the MANAGER Only User Authorization Operation. The All Employees operation should be assigned the PRES Only User Authorization Operation. The following image is an example of a User Authorization Operation set up on an Operation:
The 2 relevant fields in the above image are as follows:
Security Type = Operation Security
Execute Authority Operation = MANAGER Only
In the case of this example, the JOB field will also need to be set as a Global field using the Field Descriptor Usage ID value. Once this is finished, when the Tab Operation is run and a row is selected, the security on the Department Employees and All Employees operations should be in place and the tabs should no longer display when not viewing another job category record.
This method works to secure Fields as well, using Field Level Authorization combined with the WOW_TRUE Authorization Operation
A demonstration application using this sample can be found HERE.
Page updated
Report abuse