Data security based on authentication

[Naith]

Environment: CE9 querying DB2
Users: All on domains unknown to the APS, accessing reports through a firewall.

Let's say you have client1, Jay, and client2, Bob.

Information pertinent to Jay and Bob is kept on your database, but is sensitive - so Bob should not see Jay's data, or vice versa.

An option available to the developer would be to tack an additional parameter onto all the reports, like {?ClientID}, with {Table.ID} = {?ClientID} in the Record Selection criteria.

That approach is not an option - but it's exactly that functionality that this client wants to achieve. Are there any other options that will survive going through a firewall, Radius or Tacacs - ASP, CSP, whatever - which will enable CE9 to use the firewall authentication instead of NT/CE authentication?

Thanks,

Naith

 

[Turkbear]

Hi,
Any real data security should be established at the database level.So,(specifics will be database dependent, so check the DB2 docs )
Create separate permissions for these users so that they can only access a view of the data restricted to their need.
If in Oracle, you could use fine-grained access control ( or Virtual Private Database in 9) , and, there are ways to do it with User-Built Processing Extensions in CE..
Search this forum for more info..( Use Processing Extensions or Record Security as search phrases)..

 

[Naith]

Hi Turkbear - thanks for the response.

I'm not in a position where I can write and maintain customised views for each client, as there are potentially hundreds; so there'd be loads of instances of the same report, all using slightly different views - or the same view with the client id hardcoded in the criteria. So tailored views are out.

I know about the Virtual Private Database in Oracle9, but unfortunately this is DB2 - which is a long way from home for me! - which I don't think has similar functionality.

Are there any stories of successful firewall authentication being used instead of NT/CE out there?

Naith