Data access restrictions based on tabular sections





This section contains examples of data access restrictions based on values of tabular sections fields. We recommend that you also read the following:

For metadata objects that can contain tabular sections, data access restrictions only apply to database objects as a whole. But the texts of access restrictions can use columns of tabular sections. The most popular tasks related to applying data access restrictions based on tabular section fields are as follows:

  1. Allow access to an object if a condition is true for at least one record of a tabular section.
  2. Allow access to an object if a condition is true for all the records of a tabular section.
  3. Allow access to an object if a condition is true for all the records of a tabular section or if a tabular section is empty.

The access restrictions script allows you to implement any of the listed access restrictions. Suppose that the UserRights register contains the mapping between users and the objects they have rights to access. The TabularSection1 tabular section of the Catalog1 catalog contains the Object field, which references objects that define data separation between users. The CurrentUser session parameter contains a reference to the Users catalog item, which corresponds to the current infobase user. Below you will find sample restrictions that deal with each of the above tasks.

The access condition is true for at least one record of a tabular section

Catalog1
WHERE Catalog1.TabularSection1.Object IN
(
    SELECT
        RightsRegister.Object
    FROM
        InformationRegister.UserRights AS RightsRegister
    WHERE
        RightsRegister.User = &CurrentUser
)

This restriction allows the current user to access only those items of the Catalog1 catalog whose tabular sections contain at least one record with its Object attribute referencing an object allowed for the user.

The access condition is true for all the records of a tabular section

Catal1 WHERE (NOT Catal1.Ref IN
    (SELECT TOP 1
        Cat1.Ref
    FROM
        Catalog.Catalog1 AS Cat1
        LEFT JOIN
        Catalog.Catalog1.TabularSection1 AS TS1
        ON Cat1.Ref = TS1.Ref
        LEFT JOIN
        InformationRegister.UserRights AS RightsRegister
        ON
        TS1.Object = RightsRegister.Object AND RightsRegister.User = &CurrentUser
    WHERE
        Cat1.Ref = Catal1.Ref
        AND RightsRegister.Object IS NULL ))

This restriction allows to access only those items of the Catalog1 catalog where all tabular section records reference allowed objects.

The access condition is true for all the records of a tabular section or a tabular section is empty

Catal1 WHERE (NOT Catal1.Ref IN
    (SELECT TOP 1
        TS1.Ref
    FROM
        Catalog.Catalog1.TabularSection1 AS TS1
        LEFT JOIN
        InformationRegister.UserRights AS RightsRegister
        ON
        TS1.Object = RightsRegister.Object AND RightsRegister.User = &CurrentUser
    WHERE
        TS1.Ref = Catal1.Ref
        AND RightsRegister.Object IS NULL ))

This restriction allows to access only those items of the Catalog1 catalog whose tabular sections are empty or only have references to allowed objects.


Comments
0
Add comment