Photo by cmoewes
The security class is not a replacement for groupware, or even meant to compete against groupware. The security class doesn’t provide any real UI components, instead it provides a foundation to configure default security at design time, and then have that security adjusted at runtime by a “superuser” without requiring additional development work.
The Security Class has been around in one form or another since my very first project. At one time I provided a set of Clarion 3rd Party templates for it. The security class is not a replacement for groupware, or even meant to compete against groupware. I already had several applications in the wild with the using my security model and it was just easier for me to translate it to WX. The philosophy around the Security class is quite a bit different than groupware. The security class doesn’t provide any real UI components, although there are sample windows in the NextAge Open Source application. Instead the security class is provides a foundation to configure default security at design time, and then have that security adjusted at runtime by a “superuser” without requiring additional development work. The premise is very simple, which is what actually allows it to be used for nearly anything. I have used it in an ERP system with 600+ users and not run into a security requirement that we could not cover.
The foundation of the security model is a numbered access level and a category. Each user is assigned a numeric “Global Access Level”. Each user can also have Category override settings.
Suzy is the AP clerk. She has a global access level of 3. She also has a category override level of 6 for AP, and 4 for GL.
The Sales Report is a category of Sales and requires as level 4.
The Customer Browse is a category of Client and requires a level of 3.
Paying an AP invoice is a category of AP and requires a level 6.
Generating a GL entry is a category of GL and requires a level of 3.
Dating a GL entry into a prior period is a category of GL and requires a 5.
When Suzy tries to:
Run the sales report, she is told she does not have access.
Run the Customer Browse she is allowed. Her global access is high enough
Pay an AP Invoice, she is allowed. Her global access is not high enough, but she has a category override that is.
When she generates the GL entry it is allowed, again her global access is high enough
If she tries to back date the entry, she is not allowed, her global access is not high enough and although she has a GL category override, it is not high enough either.
The security class is simple terms is a call to a “go – no go” function. It does all the work of testing the overrides, etc. and returns either a True or False.
Part of what makes the Security class powerful is that the setting are defaulted at design time but can be overwritten at runtime. This is accomplished by maintaining a “SecurityDetail” file. This file has the Item being tested (be it a screen, function, whatever the developer decides to call it), a category, and an access level. All of that information is actual passed with the call to check the security. What the security class does, is checks the “SecurityDetail” file to see if the item already exist, if it does then the values from the file are used, otherwise a record is created in the “SecurityDetail” table with the default values supplied. This means that if the record in the “SecurityDetail” table is changed, it would override the defaults.
Back to our sales report example from #1 above. The first time some tried to run the sales report a record was written into the “SecurityDetail” table. With the item = “Sales Report”, Category = “Sales” and AccessLevel = 4. John the IT manager is told by the CEO that he wants anyone with at least a level 3 to run the sales report. John edits the “SecurityDetail” file and changes the AccessLevel to 3 on that record. Now when Suzy runs the Sales Report she has access because her global access level is now high enough.
As you can see the combination of Access Levels and Categories allows you to create as complex of a system as you want. It could even be dependant on more than one setting by simply making multiple calls to the class and not performing the function unless all of them pass.
Enough of a sales job. I hope you enjoy it. If you have any questions, suggestions, complaints (well not complaints) then please use the comments below so we can all benefit from each others additions. This article will be updated with each new release of the class.
If you have any questions about the NextAge Open Source initiative be sure to check out this post.
The Download Links
1.0 – January 12, 2013
1.01 – January 16, 2013
- Fixed issue with Array Sort Error when adding new entry