Page 1 of 1

Configuring View_acess Rules in DBSecurityManager

PostPosted: Wed Dec 21, 2011 6:24 pm
by prakashg
Hello,

I am very new to Jvx, What does View_access Rules in DBSecurityManager do? shall roles and access rules be configured for screens using this, I would like to generate menu based on roles, what is the right way to do it?

-Regards
-Prakash G

Re: Configuring View_acess Rules in DBSecurityManager

PostPosted: Wed Dec 21, 2011 6:57 pm
by Support@SIB
The access rules, control the access to life-cycle objects per user (see javadoc). No access means Master- or SubConnection creation fails!

The feature is useful if your application menu is not hard-coded e.g. read it from a database or remote config files. Or it is great if you group some actions into life-cycle objects but it should not be possible, for every user, to call the actions. You need restrictions per user to access specific life-cycle objects.

It is possible to implement your own security manager or re-use the DBSecurityManager which offers a full reference implementation based on tables/views.

Do you develop something like this?

Our showcase app Packung! has such a dynamic menu.


Assumption:
You have roles and want to assign screens to roles.
You assign roles to users (means, a user has a list of screens).

The application menu is created automatically based on "user screens".


Possible solution:
You need tables for screens, roles, users. Create relations between them.

You should use the DBSecurityManager and use the USERS table as described [url=forum.sibvisions.com/viewtopic.php?f=11&t=149&p=201]here[/url].

If you use the DBSecurityManager, you should create a view (table is also possible but not so dynamic) with the name V_ACCESSRULES (columns: USERNAME, LIFECYCLENAME). The view should return the allowed life-cycle object names per user.

Now, a user is not able to call actions or objects from life-cycle objects that are not granted.

Re: Configuring View_acess Rules in DBSecurityManager

PostPosted: Thu Dec 22, 2011 4:28 pm
by prakashg
Thanks a lot for the response.
I have used the DBSecurityManager login, change password works fine. I am looking at a implementation of dynamic menu based on roles if the framework provides out of the box(I am doing a poc), I am looking at a implementation similar to the you tube video you have posted.
Thanks again for the elaborate response.

Re: Configuring View_acess Rules in DBSecurityManager

PostPosted: Thu Dec 22, 2011 5:09 pm
by Support@SIB
The framework does not have the implementation for your problem out-of-the-box. But it has everything what you need, to implement it.

We solved the problem with a custom Application implementation. This Application extends the Standard JVx application and adds some features. The implementation is open source and will be available in the next months.

But for your POC, it is not hard to implement what you want:

After the successful login, you should call a server object that returns the screen configuration (menu, title, class name, life-cycle object name). The server object reads the configuration via DBStorage from the database. You need one flat table where you insert your screens.
After you got the information, create your application menu and open the configured screen.

A short example:

Create a server object, e.g.

Code: Select all
public class ScreenConfig
{
    public List<IBean> getAvailableWorkScreens()
    {
        //fetch config from database
    }
}

Configure the Server-Object in your Session LCO, e.g.

Code: Select all
public ScreenConfig getScreenConfig()
{
   ScreenConfig scfg = (ScreenConfig)get("screenConfig");
   
   if (scfg== null)
   {
      scfg = new ScreenConfig();
      
      put("screenConfig", scfg);
   }
   
   return scfg;      
}


And finally, the client call:

Code: Select all
@Override
protected void afterLogin()
{
    super.afterLogin();

    if (isConnected())
    {
        List<IBean> liBeans = (List<IBean>)getConnection().call("screenConfig",
                                                                "getAvailableWorkScreens");

        //create your menu
    }
}


This should simplify your tests.