Security

Security is controlled by the Business Rule Developer in three ways. It is very important that the business rule designer/author consider data security when creating table views. The session info object within the rule can be used to restrict/grant data access for the current user. Second, the writeback functionality will also be controlled within the business rule to the user population allowed to perform the writeback, as well as the granular level elements which may be modified.  Lastly, the Table View Business Rule itself should be secured for viewing or access outside of the defined dashboard.

Data level, or Table level, security is incorporated within the Business Rule script.  Various BRAPI functions can be conditionally included in the script to control the read and write functionality each user will encounter when presented with the Table View.   Using Table View Name arguments in the Business Rule, rather than relying on the default Business Rule Name, will also add an additional level of security for related to the tables.

Business Rule level security should also be utilized to restrict access to those who can edit and modify the underlying Table View Business Rule. This can be done by using Business Rule Encryption, which requires specific a user security role. Business Rule Encryption applies password protection to any Business Rule it is applied to.

Additionally, the Business Rules for Table Views are stored in the Spreadsheet category.  To control access to user’s access to retrieving the Table Views in their Application Spreadsheet, the Access Group on each rule should exclude any user who is not a designer.

The Table View function should be called using a condition for the Spreadsheet Table View Name.  The will control all Table View functionality by a defined name, rather than through the business rule alone.

Case Is = SpreadsheetFunctionType.GetTableView
    If args.TableViewName = "DED_TableView"
            Return GetPLPRegisterUsingRegisterID(si, args.Cust)
    End If