.RBS UPDATE SECACL
Allows the designer to update the RBS Access Control file directly. Added in 5.4.7 and 6.0.1. Not present in 6.0.0
Usage:
PASS <action> FIELD SHARE? N
PASS 0AD SECACL RECORD SHARE? N
PASS <Child App Id Hint> FIELD SHARE? N
GOSUB --- .RBS UPDATE SECACL
* Check for errors
IF --- .RBS UPDATE SECACL NE
Description:
This API allows the designer to directly update the RBS Access Control File (SECACL). This is provided for those installations that prefer to have their own interface to Role Based Security instead of using the one in System Administration.
<action> is ADD, CHG, DEL (case insensitive).
<Child App Id Hint> helps identify which parent / child combination you are referring to (Optional, see below).
You have to fill in the fields in SECACL depending what you want to do:
Add, Change or Delete a Process level SECACL record
SECACL PARENT TYPE - set to one of SECDB, SECDEPT, SECWG, SECROLE, SECUSER, depending on what level of security you are setting/deleting.
SECACL PARENT RID - the record id of the associated SECDB, SECDEPT, SECWG, SECROLE, SECUSER record
SECACL PARENT AP ID - The application id of the parent process
SECACL PARENT PROC TY - The Process Type of the parent process (INPUT, OUTPUT, etc)
SECACL PARENT NAM - The name of the parent process
SECACL PROCESS TYPE - The child process type
SECACL PROCESS NAM - The child process name
SECACL RUN ALLOWED - Can the process be run Y/N/blank
SECACL ADD ALLOWED - Can records be added Y/N/blank
SECACL CHG ALLOWED - Can records be changed Y/N/blank
SECACL DELETE ALLOWED - Can records be deleted Y/N/blank
For process type MENU and USER START, the Y/N flags must be filled in. They can be left blank for other types, and they will inherit from a higher level at runtime. If you are deleting a record, you don’t need to fill in the Y/N flags, but everything else must be supplied.
Add, Change or Delete a File level SECACL record
SECACL PARENT TYPE - set to one of SECDB, SECDEPT, SECWG, SECROLE, SECUSER, depending on what level of security you are setting/deleting.
SECACL PARENT RID - the record id of the associated SECDB, SECDEPT, SECWG, SECROLE, SECUSER record
SECACL PARENT AP ID - The application id of the file.
SECACL PROCESS TYPE - Must be set to FILE
SECACL PROCESS NAM - The File name
SECACL RECORD ACCESS - Y/N flag to indicate if the file can be accessed. Cannot be blank for Add/Change.
Add, Change or Delete a Field Level SECACL record
SECACL PARENT TYPE - set to one of SECDB, SECDEPT, SECWG, SECROLE, SECUSER, depending on what level of security you are setting/deleting.
SECACL PARENT RID - the record id of the associated SECDB, SECDEPT, SECWG, SECROLE, SECUSER record
SECACL PARENT AP ID - The application id of the parent process
SECACL PARENT PROC TY - Must be FILE
SECACL PARENT NAM - The name of the file
SECACL PROCESS TYPE - Must be FIELD
SECACL PROCESS NAM - The name of the Field
SECACL FIELD ACCESS - Y/N field to indicate if the field can be accessed. Cannot be blank for Add/Change.
SECACL FIELD CHANGE - Y/N field to indicate if the field can be changed. Cannot be blank for Add/Change.
There are many possible return codes in — .RBS UPDATE SECACL, most are pretty self explanatory but a few need more detail:
SECACL file not found - Couldn’t open SECACL, could be because it needs restructuring or hasn't been created for the application.
Prnt/Chld Not Found - The specified parent/child doesn’t exist in 0SA XREF. You might need to regenerate your applications. See
.RBS REGEN.
SECACL Not Found - The specified SECACL record does not exist (change/delete)
Invalid Fld Acc/Chg - You have specified SECACL FIELD ACCESS = N and SECACL FIELD CHANGE = Y, which doesn’t make sense
<Child App Id Hint> is used when there is more than one child of the same name for the given parent. The SECACL file is maintained in the Child's application, so the API needs to know which Application to open. The Child's Applicaiton Id is not specified in the SECACL record, so it is extrapolated from the 0SA XREF file. However, if there is more than one child with the same name for that parent, the API won't know which one you are referring to and will simply pick the first one it finds. If you pass this Application Id, then the API will know which child you are referring to. For example, consider a main system menu with options for G/L, A/R, A/P, etc. There is a good chance that all the main menus in those applications are called MAIN MENU (or similar). In that case, we have one parent (the main system menu) with several children all with the same name (MAIN MENU). You can pass the <Child Ap Id Hint> to indicate which child you are referring to.
Comments:
Read what other users have said about this page or add your own comments.
--
JeanNeron - 2018-09-05