Dynamic Security
The default security model used by EMu is static in nature. User and Group privileges are defined in the Registry and loaded into a module when it is invoked. Once invoked, the security of the module remains the same throughout its lifetime. If a user can change the contents of a given field, then they can change it for all records (assuming Record Level Security (RLS) allows the record to be modified). In some instances it would be useful to allow some security settings to be altered based on information stored in the current record.
For example:
- Storage staff in a group called Storage are able to change all fields for records of type Crate and Frame, while for Object records they can only update the dimensions information.
What would be useful is a mechanism that allows access to a column to be modified based on the contents of the record.
- Similarly, you may require certain fields to be filled depending on the type of record. For Object records you may require the Main Title field to be specified, while for Crate and Frame records the title should not be specified (in fact, it should not even be shown). The EMu Mandatory Registry entry allows a field to be defined as mandatory, however it is not possible to use this Registry entry to specify conditional mandatory settings.
As with the first example, it would be useful to allow the mandatory setting for a field to be set based on the contents of the record.
- Alternatively, you may want to alter Record Level Security settings based on the contents of data within the record when the record is saved. One such requirement may be that records whose record status is set to Retired may only be edited by users in group Admin. Such a feature can be "hard wired" into the database server.
However a solution that uses the Registry would provide a more flexible mechanism.
Three Registry entries provide for a flexible and dynamic security model that can adapt based on the data stored within a record:
- The Column Access Modifier Registry entry handles the first example above, that is the ability to alter column access based on the contents of the record.
- The Mandatory Modifier Registry entry handles the second example above, that is the ability to adjust mandatory settings based on the contents of the record.
- The Security|Update Registry entry provides for the third example, that is the ability to change Record Level Security based on the contents of the current record.
Note: Click the links above for full details of each entry.
The combination of the these facilities provides a useful mechanism for altering the EMu security settings dynamically. The use of dynamic security allows very flexible security models to be implemented.