- Securing Fields and Operations with User Authorization Operations

Securing Fields and Operations with User Authorization Operations

Overview

[PRO] User authorization operations give the developer the ability to restrict a user from viewing

and/or editing any fields or operations based on sign on.

Four types of Authorization Operations are available.

• • User Authorization List Operation

  • User Authorization (SQL) Operation

  • User Group Authorization List Operation

  • User Group Authorization (SQL) Operation

Authorization Operations should only be referenced by fields/operations included within secure applications

The field/operation being secured must exist within a secure application that requires a sign on.

If the user has not signed on to the application or the application does not require a sign on then

authorization will fail and the user will not have access to the field/operation.

User Authorization List

This type of operation holds a static list of user names that is defined when the authorization

operation is created.

The list of user names cannot be changed except by changing the authorization operation itself.

This is authorization operation is useful when a small number of users will have restricted access

to certain fields and/or operations.

Creating User Authorization List

This is the screen where the application builder creates the User Authorization List Operation.

Each relevant setting is described below.

Basic

Operation Type - User Authorization List

Operation Code - A static list of comma separated names

User Authorization Operation

This type of operation uses SQL to retrieve a list of users (user ID's) that are authorized to use

an operation or field. The list of user names is dynamically generated, which provides greater

flexibility.

As of WOW 7.5, a new method of Authorization, using the string 'WOW_TRUE', can be used to

authorize when no user names are available or no sign-on operation is being used.

Creating User Authorization Operation

This is the screen where the wow builder creates the User Authorization Operation. Each relevant

setting is described below:

Basic

Operation Type - User Authorization Operation

Operation Code - SQL used to retrieve a list of the desired user names (user ID's).

Creating 'WOW_TRUE' User Authorization Operation

To use the WOW_TRUE feature for Authorization Operation, create an operation similar to the example

above. The difference will be in the SQL that is used.

Basic

Operation Type - User Authorization Operation

Operation Code - SQL will be similar to the following example:

SELECT 'WOW_TRUE' FROM mylib.some_table WHERE someField = someValue

An example of an actual SQL is as follows:

SELECT 'WOW_TRUE' FROM pjdata.employee WHERE ??!JOB = 'MANAGER'

The above example was used to limit the visibility of a field. There is a more in-depth explanation of this

feature available HERE.

User Group Authorization List

This type of operation holds a static list of group names that are defined when the authorization

operation is created.

The list of group names cannot be changed except by changing the authorization operation itself.

This authorization operation is useful when a small number of user groups will have restricted access

to certain fields and/or operations.

Creating User Group Authorization List

This is the screen where the wow builder creates the User group Authorization List Operation. Each

relevant setting is described below.

Basic

Operation Type - User Group Authorization List

Operation Code - A static list of comma separated group names

User Group Authorization Operation

This type of operation uses SQL to retrieve a list of group names that are authorized to use an

operation or field. The list of group names is dynamically generated, which provides greater

flexibility.

Creating User Group Authorization Operation

This is the screen where the wow builder creates the User Group Authorization operation. Each

relevant setting is described below:

Basic

Operation Type - User Group Authorization Operation

Operation Code - SQL used to retrieve a list of the desired group names.