Re: FoRMs Level Security
Date: 4 Jun 93 08:10:17 EDT
Message-ID: <7388.2c0f0369_at_hayes.com>
In article <1993Jun3.125620.20433_at_news.unomaha.edu>, moswald_at_cwis.unomaha.edu (Mike Oswald) writes:
> I thought I remember seeing a post concerning security at the FoRMs level.
> Someone had group their customers and placed them in a table which pointed
> to FoRMs or applications that they could run.
>
> Anyway ... is anyone currently during this or has some other means of
> maintaining this type of access to FoRMs/applications? I would rather
> not hard code anything into my FoRMs.
>
> Thanks.
It depends on your operating environment. For example in the DEX VAX world, BEFORE entering forms, you can capture the user login by executing
ASSIGN/USER SYS$COMMAND SYS$INPUT RUNFORM30 etc
A more logical solution, assuming that you are utilizing a series of forms in an operational environment, is to present the user with a login screen and prompt for a password. That password would map to a password table such as:
AUTHORIZATIONS PASSWORD NAME SALES ACCOUNTING etc
A123 JONES Y N N 9X3B SMITH N Y Y etc
Access to the system is verified by existance of the password and, if found, storing it in a GLOBAL variable. Subsequent access to any specific functional screen is controlled by checking the table for a yes setting before calling the form.
In my experience, I have only had to maintain control at a functional level. That is, if access is granted to the first screen of SALES then access to all sales screens need not be checked. However, the concept can logically be extended down to a specific screen or even a field on the screen.
Hope this helps.
| Frank Greene | _/_/_/ _/_/_/ | | DELPHI SYSTEMS, Inc. | _/_/ _/_/ | | Telephone [615] 458-6032 | _/_/ _/_/ _/_/_/ | | Compuserve 74200,427 | _/_/ _/_/ _/_/ | | 324 Ootsima Way | _/_/ _/_/ _/_/ | | Loudon, TN 37774 | _/_/_/ _/_/_/ _/_/_/ | ---------------------------------------------------------------------------- | Of course, any opinions or suggestions are strictly my own | ----------------------------------------------------------------------------Received on Fri Jun 04 1993 - 14:10:17 CEST