Introduction

Application security is no longer limited to large enterprise systems. Small and medium businesses alike are discovering the benefits of keeping sensitive areas of an application protected from unauthorized personnel. In many cases, adequate security is a must in order to have business or trading partnerships with particular industries and government agencies. The Security Manager provides highly customizable protection over the way the application is accessed.

Components

| Name | Description |
|---|---|
| DBW_SECURITY_MANAGER | Primary form where application components are registered to be governed by the Security Manager. |
| DBW_GROUP_ACCESS | Allows security policies that apply to a group of users to be defined. This is an MDI Child and is designed to run from within FRW_MAIN so that certain users of the application (e.g. managers) can add or modify group security profiles. |
| DBW_USER_ACCESS | Defines which users can access the application and what group security profile they belong to. This is also where user overrides to the group security are defined. |
| NDW_CONTROL_MANAGER | Used by DBW_GROUP_ACCESS and DBW_USER_ACCESS to define any control-specific security settings. |
| Verify_Access | Stored procedure that returns the access level of the current user for a given form. Can be used by the developer at any time to validate whether a form attempting to be launched should be accessible. |
| Verify_User_Access | Stored procedure called by the FRW_MAIN Commuter Module to configure available menu options and toolbar buttons for the current user. |
| DBW_Security_Manager_Events | Stored procedure Commuter Module for the DBW_SECURITY_MANAGER form. |
| DBW_Group_Access_Events | Stored procedure Commuter Module for the DBW_GROUP_ACCESS form. |
| DBW_User_Access_Events | Stored procedure Commuter Module for the DBW_USER_ACCESS form. |
| NDW_Control_Manager_Events | Stored procedure Commuter Module for the NDW_CONTROL_MANAGER form. |

Using the Security Manager

The FrameWorks Security Manager provides the developer with a way to identify which forms, menu items, toolbar buttons, and shortcut items should be governed. Components which are not registered are automatically available to all users. Thus, security in SRP FrameWorks works on a "benefit of the doubt" methodology. However, the developer is free to modify how the security principles operate. Implementing security with SRP FrameWorks is summarized in the Adding A Form to SRP FrameWorks page. This information and additional details are documented below.

Security Configuration

Use the DBW_SECURITY_MANAGER form to add, remove, or modify security managed components. This should be accessed from within the Application Manager:

Once the Security Manager form is launched, the user is presented with a configuration grid:

| Column | Description |
|---|---|
| Name | This is the user-friendly name of the component. This is what appears in other forms related to security management (e.g. DBW_GROUP_ACCESS and DBW_USER_ACCESS). If a form is selected in the Window Name column first, the form's title will appear as the default text in the Name column. |
| WindowName | This is where the name of the OpenInsight form, if applicable, will be entered. |
| MenuName | This is where the name of the FW_MAIN menu item, if applicable, will be entered. |
| ButtonName | This is where the name of the FW_MAIN toolbar button control, if applicable, will be entered. |
| ShortcutBar | This is where the name of the FW_MAIN ShortcutBar item, if applicable, will be entered. ShortcutBar items are controlled by the Frame Manager. |

Group Access Settings

Once the components have been entered into the Security Manager, the Group Access Settings form is used to assign access levels to specific group profiles. This should be launched from within FRW_MAIN. Note that this form has two tabs: Frame Access and Report Access. Report Access will be discussed in the Report Manager page. The following information pertains specifically to the Frame Access tab:

This image shows the built-in ADMIN group access profile. By default it has access to all components which have been pre-registered in the Security Manager. However, there is no access to Test Window since it was just registered through the Security Manager. This means that any users with the ADMIN group access profile will not yet have access to this item. By default, Groups do not have access to new items registered in the Security Manager. To give the user access to this item, just click on the dropdown button and select the desired access type:

| Type of Access | Description |
|---|---|
| Full Rights | User has complete access to this item. If this is a form, the user has the ability to create, read, modify, and delete records. |
| Read Only | User can see but does not have access to this item. If this is a form, the user has the ability to read records but not create, modify, or delete them. |
| Add/Edit | User can create, read, and modify records but not delete them. (Applicable to forms only) |
| Edit Only | User can read and modify records but not create or delete them. (Applicable to forms only) |
| None | User does not have any access to this item. Menus, buttons, and shortcut items will be invisible. |

Control Access Settings

If an item listed in the Group Access form is a Window type and the Type of Access is anything other than None, the Controls... link will appear. This allows the particular form to be optionally configured for control specific security access. After clicking on this link the Control Access Settings form will launch:

Similar to the Group Access Settings form, the Type of Access dropdown is used to customize the availability of a particular control:

| Type of Access | Description |
|---|---|
| Full Rights | User has normal access to this control. This will not alter any access to the control that might be managed outside of the Security Manager. |
| Read Only | User will be able to see, and in some cases copy, the data but will not be able to modify it. |
| Detailed | Special option for native OpenInsight edit table, SRP EditTable, or SRP Tab controls. It provides the ability to specify security access down to the column or tab level. |
| None | User will not be able to see the control since it will be made invisible. |

If no Type of Access is selected, the control uses the Type of Access for the form itself. The options listed in the Type of Access dropdown will not exceed the Type of Access setting for the form itself.
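The defaults described so far (unregistered components open to everyone, newly registered components closed to every group, controls inheriting from and capped by their form) can be modelled as follows. This is an added Python example, not SRP FrameWorks code: the function names, component names and sample configuration are hypothetical, the ranking of access levels is an assumption, and the Detailed option is not modelled.

```python
# Added illustration of the access rules on this page; not SRP FrameWorks code.
# All function names and sample component names below are hypothetical.

# Record operations permitted by each form-level Type of Access (Group Access table).
FORM_RIGHTS = {
    "Full Rights": {"create", "read", "modify", "delete"},
    "Add/Edit": {"create", "read", "modify"},
    "Edit Only": {"read", "modify"},
    "Read Only": {"read"},
    "None": set(),
}
# Assumption: levels are ranked by how many operations they permit.
RANK = {level: len(ops) for level, ops in FORM_RIGHTS.items()}

# Constructed sample configuration.
REGISTERED = {"CUSTOMER_FORM", "TEST_WINDOW"}
GROUP_ACCESS = {"ADMIN": {"CUSTOMER_FORM": "Add/Edit"}}
CONTROL_ACCESS = {("ADMIN", "CUSTOMER_FORM"): {"EDL_NOTES": "Read Only",
                                                "EDL_NAME": "Full Rights"}}

def resolve_component(group, component):
    """Effective Type of Access of a group for a form, menu, button or shortcut."""
    if component not in REGISTERED:
        return "Full Rights"  # unregistered components are available to all users
    # Registered but not yet assigned for this group: no access by default.
    return GROUP_ACCESS.get(group, {}).get(component, "None")

def resolve_control(group, form, control):
    """Effective access to one control on a form ("Detailed" is not modelled)."""
    form_access = resolve_component(group, form)
    setting = CONTROL_ACCESS.get((group, form), {}).get(control)
    if form_access == "None" or setting is None:
        return form_access  # no control-level setting: use the form's own access
    # A control setting never exceeds the form's Type of Access.
    return min(setting, form_access, key=RANK.__getitem__)

def ungoverned(components):
    """Components nobody registered, i.e. open to every user by default."""
    return sorted(c for c in components if c not in REGISTERED)
```

Running `ungoverned()` over an inventory of the application's forms lists the components that the "benefit of the doubt" default leaves open to all users.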

When using the Detailed option, the grid on the bottom of the Control Access Settings form will become enabled. For native OpenInsight controls, column data will automatically appear. For SRP ActiveX controls, information will have to be manually entered because there is no way to specify this information within the form definition record itself. However, if an instance of the form is running, the Update from Window button will be enabled. Clicking on this will pull the runtime information of any SRP EditTable or SRP Tab control and populate the grid accordingly.

Users

After one or more group profiles have been created using the Group Access Settings window, users can be added using the User Access form:

Similar to the Group Access Settings, there is a built-in ADMIN user. The ADMIN user's password is also ADMIN and is already associated with the ADMIN Group Access, as seen in the above image. Any number of users can be entered into the User Access form and they can be associated to any Group Access.
