Add Security at program level
In order to add security at a program level, one has to do modifications (as explained below) in the right panel of the Screen editor of the desired program. Here we have used the program c/custmord.p for demonstration purposes.
- In the XE Developer Studio, select program c/custmord.p and go to the right panel>Program tab>section Security Properties.
- Here all the fields related to security would be visible, as shown highlighted in a rectangle box in the figure below:
A brief description of all the available security options is as follows:
| Security Property | Description |
|---|---|
| Frontend | Defines that the type of interface on which the program can operate |
| Create Security | Allows the create record option to be enabled |
| Copy Security | Allows the copy record option to be enabled |
| Delete Security | Allows the delete record option to be enabled |
| Audit Security | Allows the Audit record option to be enabled |
| Display Security | Allows the program to be viewed |
| Start Security | Allows the program to be visible for use |
| Update Security | Allows the update record option to be enabled |
- The values entered in these fields is ‘*’, this means that anyone can perform the actions like Display, Start, Update, Create, Copy, Delete and Open Audit Program in the selected program.
- These security fields can have different values as explained in the table below:
| Sr. No. | Security | Description |
|---|---|---|
| 1 | * | All users can access the program. |
| 2 | !* | None of the users can access the program. |
| 3 | gruser | User with user id ‘gruser’ or members of user group ‘gruser’ can access the program. |
| 4 | grp1,usr1 | Users with user id grp1 or usr1 or members of user groups grp1, usr1 can access the program. |
| 5 | gr* | All users whose name start with gr* or members of group whose group name start with gr can access the program. |
| 6 | f-cando(‘grp1,usr1’) | Users with user id grp1 or usr1 or members of user groups grp1, usr1 can access the program. |
| 7 | v-value > 1000 | User can access if the expression evaluates to true. |
| 8 | #secrule | User can access if rule ‘secrule’ evaluates to true. The rule is defined in module ‘Rule’. |
| 9 | f-cando(‘grp1,usr1’) and v-value > 1000 | User can access if the expression evaluates to true. |
| 10 | v-value > 1000 or #secrule | User can access if the expression evaluates to true. |
- As part of security you can give access to the program, to all users or only certain users or groups.
Now, in the Create security field enter the value ‘not f-cando(guest)’ as shown in the figure below, this means that all users except the user/usergroup guest will be able to create a new record in this program.
After entering the security conditions, click on the save.
Now, Log in as user guest and open the program via the menu My_Menu > Customer.
Figure: Create Security applied on Program level As shown in the figure above, the create option is disabled for the user, hence the user will not be able to create any new records.
The user ‘guest‘ can update, delete but not create any records as per the security settings applied.