Field-VALUE security

Old forum URL: forums.lhotka.net/forums/t/6829.aspx


bpd posted on Tuesday, April 21, 2009

I'm trying to think of a "good" way to implement field-value security.  As a simple example:  Jim and Bill both work in shipping, using the same screens/fields, but each works at a different plant.  Jim can only ship orders assigned to plant #1, while Bill is restricted to plant #2's orders. 

How should/could this sort of field-value security be implemented?

Ideally, any required data filtering would be done as part of the fetch's SQL so it doesn't return too much, only to be quickly discarded.

ajj3085 replied on Tuesday, April 21, 2009

Well, I think you answered your question... filter the rows during your SQL fetch. You could store the location of the user in a custom principal, or some other location such as the ApplicationContext.

bpd replied on Wednesday, April 22, 2009

Yes, but as I said, that was a simple example.  A more representative example would be:

( (division = 1) and ( (location = 3) or (sales-rep = RK) ) )

The specific criteria would/could be different for each logical process of each role.
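
An added example, not part of the original thread or any poster's code: one way to keep a per-role, per-process rule such as the one above as data and compile it into a parameterized WHERE clause, so the filtering happens in the fetch itself. The `orders` table, the `sales_rep` column name, the role and process names, the tuple rule format, and the use of SQLite as a stand-in database are all assumptions.

```python
import sqlite3

# Identifiers cannot be bound as parameters, so rule columns are allowlisted.
ALLOWED_COLUMNS = {"division", "location", "sales_rep"}

# Constructed rule table: one rule per (role, process), as in the last post.
RULES = {
    ("shipping_clerk", "ship_order"):
        ("and", ("eq", "division", 1),
                ("or", ("eq", "location", 3), ("eq", "sales_rep", "RK"))),
}

def compile_rule(rule):
    """Turn ("eq", col, value) / ("and"|"or", rule, ...) into (sql, params)."""
    op = rule[0]
    if op == "eq":
        _, column, value = rule
        if column not in ALLOWED_COLUMNS:
            raise ValueError(f"column not allowed in rule: {column!r}")
        return f"{column} = ?", [value]
    if op in ("and", "or") and len(rule) > 1:
        parts, params = [], []
        for child in rule[1:]:
            sql, child_params = compile_rule(child)
            parts.append(sql)
            params.extend(child_params)
        return "(" + f" {op.upper()} ".join(parts) + ")", params
    raise ValueError(f"unsupported rule: {rule!r}")

def fetch_order_ids(conn, role, process):
    """Fetch only the rows the caller's rule allows; no rule means no rows."""
    rule = RULES.get((role, process))
    if rule is None:
        return []  # fail closed
    where, params = compile_rule(rule)
    query = f"SELECT id FROM orders WHERE {where} ORDER BY id"
    return [row[0] for row in conn.execute(query, params)]

def sample_db():
    """In-memory table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, "
                 "division INTEGER, location INTEGER, sales_rep TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", [
        (1, 1, 3, "AB"), (2, 1, 5, "RK"),   # match the rule
        (3, 1, 5, "AB"), (4, 2, 3, "RK"),   # filtered out
    ])
    return conn
```

Rule values travel only as bound parameters and column names only through the allowlist, so a rule stored in a database or configuration file cannot inject SQL into the fetch.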

Copyright (c) Marimer LLC