Tags:
view all tags

Access Control List - Processes

This process allows you to assign security to the processes in your applications.


Overview:

This process allows you to assign security (the 'Access Control List' or ACL) to the processes in your applications. This is the 'Access Control List - Processes' option on the 'Security' tab of the RBS menu.

You assign security by the parent/child combination, ie, you can allow 'Customer File Maintenance' to be run from the 'File Maintenance' menu in A/R, but not from anywhere else. You can assign security at the Database, Department, Workgroup, Role and User levels. Settings at lower levels take priority over higher levels, ie, a setting at an individual user level will override the everything else, or a setting at the Role level will override a setting at the Workgroup, Department or Database level.

When a user selects an option, RBS follows these steps to evaluate their access:

  1. If a User belongs to multiple Roles and Multi-Role setting on the configuration file is set to 'Select', then the first time they run a process they will be prompted for the Role they want to use. This Role will be used for the rest of the session.
  2. If this combination of parent/child was previously selected in the session, then the cached ACL is used and no further processing needs to occur.
  3. Otherwise, for the parent/child combination the system checks for an ACL at the User, Role, Workgroup, Department and Database levels. If a setting is undefined or the ACL is not present, then the setting on the next highest level is used.
  4. If no ACL records were found, then RBS checks to see if there is default ACL for the child process (discussed below).
  5. If there isn't an default ACL for the child, then the system defaults from the configuration file are used.
  6. After the above evaluation, RBS checks to see if any ACL settings are still blank, and if so, uses the settings it determined when the parent of the current process was invoked.
  7. Finally, the result of this check is cached so that it doesn't have to be repeated in the current session.
If the 'Combine' option of Multi-Role support is enabled on the configuration menu, then steps 3, 4, and 5 are repeated for each role the user belongs to. The resulting rights will be:
  • If any Role allows a setting (Run, Add, Delete, Chg), then that setting will be allowed.
  • If any Role would allow the user to log on (based on the Inactivity setting), then the user will be allowed to log in.
  • The longest Timeout value of any Role will be used
The process for determining access to a File or Field is similar.

Since the ACL is maintained by a combination of parent and child, and since Appx does not normally maintain this information, RBS has it's own cross reference file of parent and child processes. When you run this process, you will have the opportunity to refresh this cross reference file before using it to assign the ACL.

Description:

Comments:

Read what other users have said about this page or add your own comments.


-- JeanNeron - 2012-11-05

Edit | Attach | Watch | Print version | History: r7 | r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r2 - 2012-11-05 - JeanNeron
 
  • Edit
  • Attach
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback