StrataFrame Forum

RBS Overview

http://forum.strataframe.net/Topic30089.aspx

By Jon Neale - 6/21/2011

Hi,

Please stick with me as I have only been looking over the RBS for 24 hours. I have got to the point where I am stuck in a room on my own and need to try and regurgitate what I think I understand so far, otherwise I am in danger of confusing myself even more!

Before I start looking at the Framework as a whole I want to evaluate the RBS to see if it will allow me to do what I need, or perhaps I should say see if I can understand it well enough to do what I need. I've had a look at some of the forum entries and help and found the document by CBlanke which taught me more in 10 minutes than I'd learnt in the 10 hours!

I've assumed I'm using a StrataFrame project with security.

Firstly - In the RBS Editor you set up projects in the main StrataFrame database and against these projects you create all the Permissions/Keys that you believe necessary for your project. For example against a form you can create a permission to access the form but also to edit, delete and add if so wanted.

Second - Through VS properties you assign the security keys against different objects, Forms, BO's etc.

From a developer perspective that's what I HAVE to do before deployment.

Third - Add a hook into the Security Editor for the run time application so that the end user can create Roles and Users and assign the pre-defined permissions to Roles.

And that's about it.

Couple of definite questions I have:

  1. Currently when I run my application in debug, through VS, I am looking at a different database, Stratframe Test, which doesn’t include my permissions. My understanding is that if I create a fresh database I can export my RBS Project to that database using the DDT. Is that correct?
  2. One thing on the security I have is that in the application I need to build I need to implement data level access rights. So for instance, take a Payroll app where some users are blocked from seeing specific employees, say Directors or something. I think I might be able to do this with the Permissions but I think I may need to create lots of them. How would it be best to approach this?

Many thanks for listening to my ramblings and I welcome any feedback even if it's go back and start again.

Jon

By Edhy Rijo - 6/21/2011

Jon Neale (6/21/2011)

Couple of definite questions I have:
  1. Currently when I run my application in debug, through VS, I am looking at a different database, Stratframe Test, which doesn’t include my permissions. My understanding is that if I create a fresh database I can export my RBS Project to that database using the DDT. Is that correct?
  2. One thing on the security I have is that in the application I need to build I need to implement data level access rights. So for instance, take a Payroll app where some users are blocked from seeing specific employees, say Directors or something. I think I might be able to do this with the Permissions but I think I may need to create lots of them. How would it be best to approach this?

Hi Jon,

You are on the right path.

For #1 you could export the RBS metadata used during development to either your application's database or a separate one just to manage security. The DDT will be your best friend for this and any other database update needs.

For #2 you can use security permissions to handle any BO field property or SF object. Of course the more you have, the more difficult it is to keep track of everything; in that case I would use the Category of the permission to group them more logically to ease the maintenance and assignment of those permissions by the end users.

Also if you would be dealing with private data like SSN you can even encrypt those properties via the BO so the data saved in the table is encrypted and unencrypted on the fly when accessed via the BO properties; look in the help field for a sample on how to do this.

By Jon Neale - 6/23/2011

Hi,

Thanks for your response.

I have got the hang of the DDT within the design environment, still got to work through the idea of actually deploying on site but that's quite a little way off for now.

With the row level security I'm not sure I fully understand. The idea is say there are two users, the payroll manager and payroll assistant for example. When the payroll manager signs in and accesses the personal details or salary information they can search for any employee within the database. However, if the payroll assistant signs in they can still see the personal details and salary information forms but only for employees who are not directors. My current understanding of the Permissions is that I could set up a permission on say the salary field but this would mean that the payroll assistant could not see anybody's salary which in this instance is not what I'm after.

I read this post, http://forum.strataframe.net/Topic22700.aspx?Keywords=row%20level%20security, and this seems to describe the scenario I am talking about. However, the actual content of the post has me "hanging on by my fingernails" a little as my exposure to this area is very very limited. What I think it's saying is that I could create a separate table which hangs off SFUsers which stores the access rights, where clause of sql statement, and that I can add this statement onto the browsequery to ensure that the results of the search query are filtered to include only the relevant records.

If there are any other resources/posts which may help or you could explain it a little more that would be greatly appreciated.

Many thanks for your time.

Jon

By Edhy Rijo - 6/23/2011

Hi Jon,

I understand what you are looking for.  You basically want to have a Row security which I don't believe is supported directly by the RBS. 

One quick way to get this done could be as follows:
  1. For the table where you want to manage Row Security add an Integer field to define the Payroll Manager/Payroll Assistant access value, ex: Manager=1, Assistant=2.
  2. Create a permission for each in RBS and assign it to the users you want.
  3. In your BO create custom field methods for your form using a Stored Procedure and include a Parameter to filter the Payroll Access value created in step 1. To see if the current user is a Payroll Manager or Assistant, call the SecurityBasics.CurrentUser.GetPermission("Payroll Manager").Action and then pass the parameter to your stored procedure to filter the data accordingly.

The code below is just a sample method you can have in your Business Object to get the data based on the Payroll Permission; of course you need to work out the WHERE condition:

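    '-- File-level imports this method relies on
    Imports System.Data
    Imports System.Data.SqlClient
    Imports MicroFour.StrataFrame.Security

    Public Sub FillAllByPayrollAccess()
        '-- Default access value for users without the Payroll Manager permission
        Dim payrollAccess As Integer = 0
        '-- Retrieve the permission and test it
        If MicroFour.StrataFrame.Security.SecurityBasics.CurrentUser.GetPermission("Payroll Manager").Action = PermissionAction.Grant Then
            payrollAccess = 1
        End If
        '-- The access value is bound as a typed parameter, not concatenated into the SQL text
        Using cmd As New SqlCommand
            cmd.CommandText = "Select * from Users where PayrollAccess = @PayrollAccess"
            cmd.Parameters.AddWithValue("@PayrollAccess", payrollAccess).SqlDbType = SqlDbType.Int
            Me.FillDataTable(cmd)
        End Using
    End Sub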
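Added example, not part of the post above or of StrataFrame: the three steps with one possible WHERE condition worked out, written in Python with SQLite so it runs stand-alone. The `GRANTS` table stands in for the RBS permission lookup; the reading of the `PayrollAccess` column (1 = managers only, 2 = assistants and managers), the "Payroll Assistant" permission name, the `Employees` table and the sample rows are assumptions.

```python
import sqlite3

# Constructed stand-in for the RBS lookup: user -> permission keys granted.
GRANTS = {
    "manager": {"Payroll Manager"},
    "assistant": {"Payroll Assistant"},
    "clerk": set(),  # signed in, but no payroll permission
}

# Assumed row marking for step 1: 1 = managers only, 2 = assistants and managers.
MANAGER, ASSISTANT = 1, 2

def access_level(user):
    """Map granted permissions to a level; None means deny (fail closed)."""
    granted = GRANTS.get(user, set())
    if "Payroll Manager" in granted:
        return MANAGER
    if "Payroll Assistant" in granted:
        return ASSISTANT
    return None

def build_db():
    """In-memory table with constructed rows; PayrollAccess is the step 1 column."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE Employees (Name TEXT, Salary INTEGER, PayrollAccess INTEGER NOT NULL)")
    db.executemany(
        "INSERT INTO Employees VALUES (?, ?, ?)",
        [("Director A", 200000, MANAGER),
         ("Clerk B", 30000, ASSISTANT),
         ("Clerk C", 32000, ASSISTANT)])
    return db

def visible_employees(db, user):
    """Return the names this user may see, filtered inside the query itself."""
    level = access_level(user)
    if level is None:
        return []  # no permission: the query is never run
    rows = db.execute(
        "SELECT Name FROM Employees WHERE PayrollAccess >= ? ORDER BY Name",
        (level,))
    return [name for (name,) in rows]

if __name__ == "__main__":
    db = build_db()
    for user in ("manager", "assistant", "clerk", "unknown"):
        print(user, visible_employees(db, user))
```

Because the filter is part of the query, the director rows never reach the client for an assistant, and a user with neither permission gets an empty result rather than the default of everything.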

By Jon Neale - 6/23/2011

Hi Edhy,

Many thanks for your swift response, I'll give it a go. Everything is a steep learning curve at the moment, but all good fun, and the main thing I am trying to avoid is having to write my own security as that will be a pain. The RBS is great, and would save me lots of time, it seems what I want to achieve is achievable so that's great.

Thanks again for your time and effort it's much appreciated.

Jon

By Edhy Rijo - 6/23/2011

Hi Jon,

You are welcome!

Yes, learning could take some time, but there are a lot of samples in the forums and SF logic is very flexible so you can work with it.  I would suggest the following:
  1. Read the help file.
  2. Look at the sample applications. StrataFlix is a bit more complex since it does not use standard logic for handling the data, but very realistic and effective; once you understand its logic, it can be easily applied to your own projects.
  3. Always search the forums for possible answers to common issues, that will save you time while implementing your logic.
  4. Ask questions in the forums. Sometimes you can get fast answers, but it may also take a day or two, so searching the forums could be your best solution and it is a good resource for learning.

Good luck!