PFC security provides a client-side security solution. It allows access restriction to the window controls of a PFC based application. The objects that can be secured are menu items, graphic objects, and datawindow columns. Each object may be enabled / disabled or made invisible based on the current user.
The PFC security consists of four major components.
The scanner and administration utility are stand-alone applications and should be compiled prior to using security. Well... the administration utility can be ran from the development environment, but it's probably better to compile it to a stan-alone app.
Let's start with the database tables. PFC includes a SQLAny database - pfc.db with security tables and a message table used by the error service. You have an option of keeping the tables on your application database or on a separate database shared between multiple applications. Assuming you want to maintain one app at a time the first step is to move the database tables to your MS SQL Server database. The easiest way to do that is to create a pipeline for each table and copy them over. If you have ERWin or PowerDesigner you can use that. Don't forget to copy the delete RI triggers as well. The triggers are all "On Parent Delete Cascade" except the one on the relationship from security_apps to security_template. that trigger is "On Parent Delete Restrict" . Another warning. There has been change in 5.0.03 making some columns wider. A rule of thumb with PFC security - use 5.0.03 or greater.
Once you've created the database tables, the next step is to compile the security scanner and use it to populate the security_apps and security_template tables. These table will contain a list of all controls in your application that are eligible to be "secured". There are couple of issues with the scanner. Few major point are:
These and other Security Scanner related issues are discussed in detail in the .
Once you create the security scanner application, run it, select and scan your PBLs.
The next step is the Security Administration Utility. This
utility allows you to create/maitain users and groups,
associations between users and groups, and grant users or groups access rights to specific controls. The Security Administration Utility populates the other three tables: security_users, security_groups, and security_info. You can selectively enable/disable or show/hide controls for a each user or a group.
Last step is enabling and calling the security service in your application.
You need to create the security service.
//Initialise Security: IF IsValid(gnv_app.inv_security) THEN gnv_app.inv_security.of_InitSecurity(SQLCA,& iapp_object.appname, & of_getUserID(), & "Default") ELSE return END IF
And call it from your window pfc_open or
PFC uses the Oracle reserved word "user" as a retrieval argument in d_pfcsecurity_controllist datawindow.
The workaround is to change the the retrieval argument name in the d_pfcsecurity_controllist datawindow.
During the scan process PFC will examine each control's tag property for the "microhelp = <description>" keyword. The description found in the tag will be automatically added to the template security table. Even if the microhelp functionality is not used it does pay to add a description of each control and datawindow column to it's tag property.
Of coarse you can always add a description later after each scan process.
The of_setsecurity was left out from pfc_n_cst_appmanager in PFC versions 5.0.00 and 5.0.01. It was added in 5.0.02. If you don't see the function you can upgrade to a version greater than 5.0.02 or add the function yourself.
The code for of_setsecurity is listed below.
integer of_SetSecurity( boolean ab_switch )
//Check arguments If IsNull(ab_switch) Then Return -1 End if IF ab_Switch THEN IF IsNull(inv_security) Or Not IsValid (inv_security) THEN inv_security = CREATE n_cst_security Return 1 END IF ELSE IF IsValid (inv_security) THEN DESTROY inv_security Return 1 END IF END IF Return 0
Contributed by PFCGuide staff, except
where noted otherwise.
PFCGuide is sponsored by Dynamic Technology Group
The information provided is for advice only and not to be considered a contract or a liability against Dynamic Technology Group.
Last revised: February 15, 2004 03:58 AM.