What is the best approach for implementing record security access?

[incuboy]

Hi to everyone,

Can anyone can help me? about providing a record security access off course in progress.
Kinda new to progress.

What i've done so far was I created a Profile maintenance which user can set access level ( e.g. EmpClass = 1 can only be access by user1 ) . Problem is I am already done coding the entire transactions/reports and I dont want to recode/update each of source.

Is there any best or standard approach for providing for this kind of security access? and if there no way to avoid re-coding I think I'm gonna be ok with it just to make sure my code doing the right thing..

Any help is appreciated, Thanks in advance

 

[RealHeavyDude]

Your requirement is not exactly clear to me but if I understand you correct you want to limit the access to a given record to exactly one user at a time.

There is no built-in mechanism in the database or in the ABL that could solve your problem because providing concurrency is the whole idea of a multi-user database and an optimistic locking strategy.

First you need to have a single point of entry in your code to access the records in the particular table – it should be encapsulated in a procedure or a class so that whoever accesses records of that table must go through that logic. Next you need to have a "tracking device" which would track which records of that table are accessed and, probably, by whom. You could achieve this in having a dedicated database table for that tracking. You would need to have a record in that tracking table for each record in the restricted table. You could set a flag on the tracking record but the would leave you with the problem of having limbo tracking flags hanging about when the client crashes so that you would need to set up some "limbo detection logic" which would reset the flags – odd to say the least. Instead I deliberately would use a SHARE-LOCK on the tracking record which will be automatically lifted by the database in case the client crashes for any reason.

Of course you could also fiddle with a pessimistic locking strategy on the restricted table but that will only work in client/server mode and I would not advise you to.

Maybe that gives you an idea of what you are up against. No easy solution that I am aware of and you will definitely have to modify the access logic for whatever table you want to establish such a behavior.

Heavy Regards, RealHeavyDude.

 

[incuboy]

"Your requirement is not exactly clear to me but if I understand you correct you want to limit the access to a given record to exactly one user at a time."

@RealHeavyDude, thanks for the advice.But Not exactly, I just wanted to limit the access of a user to records that he/she is allowed to view. for example user1 have access rights to customers with type=regular then all he/she can view/modify were customer with type=regular.

 

[mjpowellesq]

The best approach is the industry standard approach. *This is password protection
Of course this is broken down into a hierarchy. *To view level 1 data only level 1
usernames have access rights. *This is then replicated for different levels of data.
The usernames have access to whichever levels U decide. *
As the user gains promotion ... they have access to further level data.
The users log onto the system with username and password an additional field will be level
If the username has the required level it can access the data
Good luck*

 

[incuboy]

@mjpowellesq, thanks alot, actual thats what I did. Thanks again.

 

[incuboy]

@mjpowellsq, thanks, thats what I did.

also thnks to RealHeavyDude.