...
Overview of Security Realms
The SmartFramework provides a number of default security realms which are described in the following
Realm Code | Realm Description | Used by |
---|---|---|
SFS | Smart Field Enabled | Used by the SmartFieldAuthorizationProvider. The SmartFieldAuthorizationProvider implements the IFieldAuthorizationProvider interface and controls if data bound fields in SmartViewerControl derived user controls may be enabled for by the current user, i.o.W. the user is allowed to update the field value |
SFV | Smart Field Visibility | Used by the SmartFieldAuthorizationProvider. The SmartFieldAuthorizationProvider implements the IFieldAuthorizationProvider interface and controls if data bound fields in SmartViewerControl derived user controls shall be hidden. |
SMF | Smart Menu Function | Used by the MenuBusinessEntity to determine if the current user has access to a menu function of not. Used while reading menu structures from the SmartMenu table. |
SMT | Smart Message Translation | Used by the MessageBusinessEntity to validate if the current user is allowed to maintain message translations in the given language |
SST | Smart Security Token | General purpose function. Tokens can be used to protect specific application functionality. There is no default behavior for security tokens. Tokens may be queried using IsTokenRestricted method of the ITokenSecurityService implementation. |
STI | Smart Toolbar Security Item | Allows to disable specific toolbar buttons on toolbars or ribbons. Used by the ToolbarAuthorizationProvider which implements the IToolbarAuthorizationProvider service interface and is used by the SmartToolbarController. |
The SmartFramework provides a number of default security realms which are described in the following
table:
Realm Code | Realm Description | Used by |
---|---|---|
SFS | Smart Field Enabled | Used by the SmartFieldAuthorizationProvider. The SmartFieldAuthorizationProvider implements the IFieldAuthorizationProvider interface and controls if data bound fields in SmartViewerControl derived user controls may be enabled for by the current user, i.o.W. the user is allowed to update the field value |
SFV | Smart Field Visibility | Used by the SmartFieldAuthorizationProvider. The SmartFieldAuthorizationProvider implements the IFieldAuthorizationProvider interface and controls if data bound fields in SmartViewerControl derived user controls shall be hidden. |
SMF | Smart Menu Function | Used by the MenuBusinessEntity to determine if the current user has access to a menu function of not. Used while reading menu structures from the SmartMenu table. |
SMT | Smart Message Translation | Used by the MessageBusinessEntity to validate if the current user is allowed to maintain message translations in the given language |
SST | Smart Security Token | General purpose function. Tokens can be used to protect specific application functionality. There is no default behavior for security tokens. Tokens may be queried using IsTokenRestricted method of the ITokenSecurityService implementation. |
STI | Smart Toolbar Security Item | Allows to disable specific toolbar buttons on toolbars or ribbons. Used by the ToolbarAuthorizationProvider which implements the IToolbarAuthorizationProvider service interface and is used by the SmartToolbarController. |
...
When adding records to the Toolbar Security Item Maintenance form users can select currently executed Forms using the lookup button on the Container / Object lookup. This will then also populate the Toolbar Item drop down list with the toolbar items of the selected form. User can select Forms or viewers and browsers in which case the authorization may be maintained for individual Viewers or Browsers within the Form.
Assigning Authorization for Security Realms
The central security Assignment Form .
Assigning Authorization for Security Realms
Menu Security Assignment
...
can be used to maintain authorization for any user or any user group on any security item.
Using the combo-box and lookup above the grid control users can first select the security item (that is an item specified by an available security realm) to filter the list of existing security assignments.
Using the viewer security can be assigned for any users or group on any security item.
First, select the security realm for which you want to maintain authorization. Then select the security item using the lookup. The lookup properties have dynamically been changed based on the selected security realm.
A single security assignment record is always exactly for a single user or a single user group. You cannot create a single security assignment record that is valid for a user and a group.
For every security assignment record you control if it should be restricting (checked) or unrestricting.
The actual authentication for the user on the selected security item is based on the security realm’s default restricted property and the security assignment either for the user directly or the groups the user is member of. In general the rule applies that the closest security assignment will be effective.
Assigning Authorization for Menu Functions
For the maintenance of menu function authorization a more specialized alternative data entry screen has been implemented. The Menu Security Maintenance form allows to select a number of users and or groups and allows the maintenance of menu function authorization
After selecting a number of users or user groups an administrator may change or create the security assignment for menu functions based on the actual menu structure using the drop downs in the tree view columns.
The drop downs provide three values:
Restricted | Creates an security assignment entry with restricted = TRUE |
Unrestricted | Creates an security assignment entry with restricted = FALSE |
Default | Removes an existing security entry, resulting in the next available default setting |
Menu Visibility for User Groups
Closely related to access to menu functions is the visibility of menus for groups of users.
For this purpose the Menu Maintenance allows the assignment of user groups to menu structures.
This dialog allows to assign any menu structure node to any user group. Users of that user group will have access to this menu structure as a top level menu structure.
Security Service
Validate Class
...