Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Page Level Security 1
- Thread starter caster
- Start date
-
1
- #2
PLS is a beautiful thing once you get the hang of it.
At its base level, the "grantexpression" is simply a string that matches a given field.
grantexpression calls GetFullACL() which returns a list of the users roles and the userid.
For instance, if my Actuate User Id was "Adarro", and I had a userid field from a table, then it would allow "Adarro" to see the data where the field value returned "Adarro".
In addition, assume I belonged to the roles "RegionalManager","Sales","FieldManager", then my ACL would be "Adarro","RegionalManager","Sales","FieldManager", and if I had a field that had any of those values, then I could use it in the GrantExpression.
Consider the following table
create table timeclock (
userid varchar(50) NOT NULL,
starttime datetime NOT NULL,
endtime datetime NOT NULL,
department varchar(50) NOT NULL,
uid int NOT NULL IDENTITY(1,1) PRIMARY KEY
)
insert into timeclock(userid,starttime,endtime,department)
values('bob','1/1/2004 10:00 AM','1/1/2004 12:30 PM','Marketing')
insert into timeclock(userid,starttime,endtime,department)
values('bob','1/1/2004 1:35:00 PM','1/1/2004 5:20 PM','Marketing')
insert into timeclock(userid,starttime,endtime,department)
values('joe','1/1/2004 7:00 AM','1/1/2004 4:30 PM','Sales')
assume there are now 50 users that have punched in and out over the course of 6 months in this table.
Build a simple report from this table similair to:
select userid,starttime, endtime, department
from timeclock
order by department ASC, userid ASC, starttime ASC
since we're doing simple, just make it a simple listing report and group by department then userid, listing the remaining two fields in the detail section.
now assume you have users with the id's 'bob' and 'joe', and two roles defined as 'Marketing' and 'Sales' which they belong to respectively.
Now look at the properties of the 'Department' grouping.
If you place the field 'Department' in the grant expression, then members of the group 'Marketing' will see the detail for records with the Department field = "Marketing" and likewise for the "Sales" department.
In Addition, if you place the userid field in the grantexpression of the userid group, then only the user "joe" will see "joe's" detail.
Because the ACL is a string, you can manipulate it for more advanced matching. This is a bad example, but it should do for illustrative purposes. For instance, if I had roles defined as 'Marketing - VA', 'Marketing - CO', then I could map a state field to the right two characters of the role.
If you can create the example I provided, then look back into the source of the Actuate example and it should make a lot more sense to you.
At its base level, the "grantexpression" is simply a string that matches a given field.
grantexpression calls GetFullACL() which returns a list of the users roles and the userid.
For instance, if my Actuate User Id was "Adarro", and I had a userid field from a table, then it would allow "Adarro" to see the data where the field value returned "Adarro".
In addition, assume I belonged to the roles "RegionalManager","Sales","FieldManager", then my ACL would be "Adarro","RegionalManager","Sales","FieldManager", and if I had a field that had any of those values, then I could use it in the GrantExpression.
Consider the following table
create table timeclock (
userid varchar(50) NOT NULL,
starttime datetime NOT NULL,
endtime datetime NOT NULL,
department varchar(50) NOT NULL,
uid int NOT NULL IDENTITY(1,1) PRIMARY KEY
)
insert into timeclock(userid,starttime,endtime,department)
values('bob','1/1/2004 10:00 AM','1/1/2004 12:30 PM','Marketing')
insert into timeclock(userid,starttime,endtime,department)
values('bob','1/1/2004 1:35:00 PM','1/1/2004 5:20 PM','Marketing')
insert into timeclock(userid,starttime,endtime,department)
values('joe','1/1/2004 7:00 AM','1/1/2004 4:30 PM','Sales')
assume there are now 50 users that have punched in and out over the course of 6 months in this table.
Build a simple report from this table similair to:
select userid,starttime, endtime, department
from timeclock
order by department ASC, userid ASC, starttime ASC
since we're doing simple, just make it a simple listing report and group by department then userid, listing the remaining two fields in the detail section.
now assume you have users with the id's 'bob' and 'joe', and two roles defined as 'Marketing' and 'Sales' which they belong to respectively.
Now look at the properties of the 'Department' grouping.
If you place the field 'Department' in the grant expression, then members of the group 'Marketing' will see the detail for records with the Department field = "Marketing" and likewise for the "Sales" department.
In Addition, if you place the userid field in the grantexpression of the userid group, then only the user "joe" will see "joe's" detail.
Because the ACL is a string, you can manipulate it for more advanced matching. This is a bad example, but it should do for illustrative purposes. For instance, if I had roles defined as 'Marketing - VA', 'Marketing - CO', then I could map a state field to the right two characters of the role.
If you can create the example I provided, then look back into the source of the Actuate example and it should make a lot more sense to you.
- Status
Similar threads
- Locked
- Question