By Larry Caylor - 1/11/2007
This is sort of a combination of ‘how to’ and a possible enhancement request. I have situation where I have client case files and some of those cases need to be marked as confidential. I’d like to be able to use Role Based Security at the row level to control who can view, add, modify, or delete confidential cases. Conceptually I can see how to do this by adding a column to the table that contains a security key. Where the possible enhancement request comes in it that it would be nice to be able to define in the object properties a security column similar to the concurrency column and have the data layer filter out rows that the user is not permitted to access. One of the reasons for the enhancement is that even if I implement my own security checking using the added column and security classes I can’t think of how I would enforce it in the BrowseDialog, unless you guys add some hooks or I build my own dialog. This probably raises other issues that I haven’t thought about but I’d like some input on how you might handle this. I’m thinking that you may have run into a similar requirement in your medical applications. -Larry
|
By StrataFrame Team - 1/11/2007
We have thought of ways to implement this functionality... easliy configurable and implementable row-level security, however, we have held off of it for right now because the although we would be able to use it within the BrowseDialog and other places where the SELECT statements are generated programmatically within the framework, you would still have to implement the same WHERE clause on each of your fill methods that calls FillDataTable. So, since we don't have any control over what queries you run, we're holding off until the next major version of SF. We will be implementing LINQ functionality, and with the IQueriable interface, we will be able to programmatically add conditions to the WHERE clauses of every query executed within the framework. So, then it will be easy to implement with a few simple properties on the business objects, but right now, it's just not feasible.The way we have implemented the row-level security is exactly like you mentioned. We added a column to the necessary tables and stored an enumeration value within the field that tells the program which security key to check to determine whether the document can be viewed by the logged in user.
|
By Larry Caylor - 1/11/2007
Thanks for info! While the current solution is pretty much what I expected, the future addition of the IQueriable interface gives us all something to look forward to
|
By StrataFrame Team - 1/11/2007
Yes, and the biggest thing to look forward to is having complile-time SQL syntax checking... because the query language becomes part of the programming language (and your C# query is then converted to an IQueriable object and run through an engine).
|
By Greg McGuffey - 1/12/2007
This is exciting news! When is the next major release? Maybe in the next week or so? OK, I know, silly question, but a guy can dream, can't he.
I've just built my own search form (not exactly like the browse dialog, but same idea). I've also had to deal with customizing the login, so I know the context the user will access data (in my case the user is assigned a role(s) for a specific set of rows and therefore they can have one role for X set of rows and another role for Y set of rows). I'd like you to see support for this sort of condition also, where the role is based on user/rows not just rows, then also have those permissions cascade down to FK to the rows. I.e. if the user can't see a customer, they shouldn't be able to see orders by that customer either.
And now a question. Will this LINQ thingy be available in VB projects? You mention that it uses C#.
|
By StrataFrame Team - 1/15/2007
LINQ will be available in the next version of both C# and VB... I just mentioned C# because Larry uses C#, but it will be included in VB9 as well.
|
By Greg McGuffey - 1/17/2007
OK, thanks for the info. Any good sites to start learning about LINQ?
|
By Larry Caylor - 1/17/2007
The following link will take you to the LINQ project home page. There's a lot of info there.http://msdn2.microsoft.com/en-us/netframework/aa904594.aspx -Larry
|
By Trent L. Taylor - 1/17/2007
The link Larry provided is good. There are a lot of other sites on the web as well. Don't get to entrenched with it at the moment as it will change a bit before release....it always does
|
By Greg McGuffey - 1/18/2007
Thanks for the link Larry. I'll check it out without getting entrenched in it.
|