- Securing Fields and Operations with User Authorization Operations
Securing Fields and Operations with User Authorization Operations
Overview
[PRO] User authorization operations give the developer the ability to restrict a user from viewing
and/or editing any fields or operations based on sign on.
Four types of Authorization Operations are available.
User Authorization List Operation
User Authorization (SQL) Operation
User Group Authorization List Operation
User Group Authorization (SQL) Operation
Authorization Operations should only be referenced by fields/operations included within secure applications
The field/operation being secured must exist within a secure application that requires a sign on.
If the user has not signed on to the application or the application does not require a sign on then
authorization will fail and the user will not have access to the field/operation.
User Authorization List
This type of operation holds a static list of user names that is defined when the authorization
operation is created.
The list of user names cannot be changed except by changing the authorization operation itself.
This is authorization operation is useful when a small number of users will have restricted access
to certain fields and/or operations.
Creating User Authorization List
This is the screen where the application builder creates the User Authorization List Operation.
Each relevant setting is described below.
Basic
Operation Type - User Authorization List
Operation Code - A static list of comma separated names
User Authorization Operation
This type of operation uses SQL to retrieve a list of users (user ID's) that are authorized to use
an operation or field. The list of user names is dynamically generated, which provides greater
flexibility.
As of WOW 7.5, a new method of Authorization, using the string 'WOW_TRUE', can be used to
authorize when no user names are available or no sign-on operation is being used.
Creating User Authorization Operation
This is the screen where the wow builder creates the User Authorization Operation. Each relevant
setting is described below:
Basic
Operation Type - User Authorization Operation
Operation Code - SQL used to retrieve a list of the desired user names (user ID's).
Creating 'WOW_TRUE' User Authorization Operation
To use the WOW_TRUE feature for Authorization Operation, create an operation similar to the example
above. The difference will be in the SQL that is used.
Basic
Operation Type - User Authorization Operation
Operation Code - SQL will be similar to the following example:
SELECT 'WOW_TRUE' FROM mylib.some_table WHERE someField = someValue
An example of an actual SQL is as follows:
SELECT 'WOW_TRUE' FROM pjdata.employee WHERE ??!JOB = 'MANAGER'
The above example was used to limit the visibility of a field. There is a more in-depth explanation of this
feature available HERE.
User Group Authorization List
This type of operation holds a static list of group names that are defined when the authorization
operation is created.
The list of group names cannot be changed except by changing the authorization operation itself.
This authorization operation is useful when a small number of user groups will have restricted access
to certain fields and/or operations.
Creating User Group Authorization List
This is the screen where the wow builder creates the User group Authorization List Operation. Each
relevant setting is described below.
Basic
Operation Type - User Group Authorization List
Operation Code - A static list of comma separated group names
User Group Authorization Operation
This type of operation uses SQL to retrieve a list of group names that are authorized to use an
operation or field. The list of group names is dynamically generated, which provides greater
flexibility.
Creating User Group Authorization Operation
This is the screen where the wow builder creates the User Group Authorization operation. Each
relevant setting is described below:
Basic
Operation Type - User Group Authorization Operation
Operation Code - SQL used to retrieve a list of the desired group names.