Enabling Row Set Security
Follow these steps to enable Row Set Security for a particular entity:
- Open or create a view of the Entities service that includes the entity you want to configure.
- Double-click the entity's entry in the view to open the entity's record.
- Confirm that the entity's base view is automatically generated by Aptify.
- Row Set Security applies only to entities whose base view is generated automatically by Aptify. For entities that have a non-generated base view, the system administrator must apply the row set security logic manually. See Determining Whether a Base View is Generated for information on how to identify generated and non-generated base views.
- You should review the base view to determine the proper syntax for your WHERE clause. For example, if the entity's table is aliased in the base view, your WHERE clause field also needs to be aliased. See Example 4: Limiting Access to Person Records and Company Records to the Main Account Manager for a WHERE clause that needs to include an alias.
- Click the Row Set Security tab.
- Open a new Row Set Security sub-type record.
- Either click the New Record... button in the menu bar, or right-click in the gray area and select New from pop-up menu to open a new record.
- Either click the New Record... button in the menu bar, or right-click in the gray area and select New from pop-up menu to open a new record.
- Enter the rule in the Base View Where Clause field.
- Row Set Security rules must use proper SQL syntax. Therefore, only administrators who are familiar with SQL should use this feature.
- See Sample SQL Where Clauses for examples.
- Enter a description for the rule.
- Click OK to save the rule.
- Enter additional rules for the same entity, if necessary. Aptify uses an AND operator to separate multiple Base View Where Clauses within a generated base view.
- Alternatively, you can Click OK and New in Step 8 to save the current and open a new Row Set Security record in one step.
- Alternatively, you can Click OK and New in Step 8 to save the current and open a new Row Set Security record in one step.
- Save and close the Entities record.
- Regenerate the base view for any related entities that join to the entity for which you just enabled row set security.
- By default, when generating a base view for an entity, the system automatically references the base table rather than the base view for joined entities whenever possible for optimization purposes. However, when an entity's base view references a joined entity that Row Set Security enabled, then the entity's base view joins to the related entity's base view and not its base table (to ensure that row set security restrictions are respected across entities). Therefore, after enabling Row Set Security for one entity, you need to regenerate the base view for any related entities that joins to it to ensure that the base views are properly updated.
- For example, an organization has defined row set security for the Persons entity so users can only see persons assigned to their particular organization. However, the base view for the Certifications entity in the Education Management add-on application references the Persons entity's base table rather than its base view for optimization purposes by default. Therefore, after enabling Row Set Security for the Persons entity, you need to regenerate the Certifications entity so its base view references the vwPersons base view rather than the Person base table.
- Create views of the entity from multiple users to confirm that the Row Set Security logic operates as expected.
Copyright © 2014-2017 Aptify - Confidential and Proprietary