Home
|
Forums
|
Contact
|
Search
|
Syndication
[login]
[create account]
Friday, June 20, 2025
slxdeveloper.com
Home
Search
Contact us
About slxdeveloper
Syndication
Community
Forums
(NEW!)
Newsletter Archive
Members
Your Profile
Submit Article
General
Administration
(6)
OLE DB Provider
Miscellaneous
(2)
Architect
VBScript
(9)
ActiveX Controls
(6)
How To's
(14)
.NET Extensions
(3)
External
OLE DB Provider
(12)
SLAPI (SlgxApi.dll)
SalesLogix COM
(1)
Web
ASP/ASP.NET
(2)
Web Services
Web Client
Downloads
Samples
(17)
Documentation
(7)
Utilities
(18)
Resources
SalesLogix
(3)
Programming
(1)
6/20/2025 10:31:29 PM
slxdeveloper.com Community Forums
The Forums on slxdeveloper.com are now retired. The forum archive will remain available for the time being. Thank you for your participation on slxdeveloper.com!
Architect Forums - SalesLogix Scripting & Customization
Forum to discuss writing script in Architect plugins for SalesLogix & general SalesLogix customization topics
(for Windows client only)
. View the
code of conduct
for posting guidelines.
Forums RSS Feed
Back to Forum List
|
Back to SalesLogix Scripting & Customization
|
New Thread
View:
Dynamic
Flat
Tree
Search:
Author
Thread: Security bug in Saleslogix group
Rekha
Posts: 72
Security bug in Saleslogix group
Posted: 07 Nov 07 12:29 PM
I have a new table in which i dont have seccodeid because it is not related to account. it is entirely new module. I am making use of Createuser and have created a group like this below:
SELECT A1.C_EXPENSEID, A1.CREATEUSER, A1.field3 FROM C_EXPENSE A1 WHERE (A1.CREATEUSER IN (select userid from usersecurity where managerid in (Select UserID from USERSECURITY where ManagerId = :UserID and ISMANAGER = 'T')))
this will show all expense of subordinates... but problem is while creating groups, my table c_expense shows up. users can create a group out of base table and be able to see others expense. how to overcome this security bug?
[
Reply
][
Quote
]
Vladimir
Posts: 93
Re: Security bug in Saleslogix group
Posted: 08 Nov 07 1:42 AM
It is not a security bug. You can add SECCODEID field manually.
[
Reply
][
Quote
]
Rekha
Posts: 72
Re: Security bug in Saleslogix group
Posted: 08 Nov 07 8:46 AM
Is there any other way than adding seccodeid? What if I want to mask certain tables from users and not allow them to create group?
[
Reply
][
Quote
]
RJ Samp
Posts: 973
Re: Security bug in Saleslogix group
Posted: 08 Nov 07 9:11 AM
IF a user can join to the table from the SLX Query Builder and the data is on their machine/server then there is no security for that table without having SECCODEID populated and present in that table/row. It's a SLX OLE DB Provider feature.
You can HIDE fields to limit the user's ability to create groups that are linked to other tables.....you can hid Tables as well? So if you have a Cost Table linked to Product....linked to Opportunity Product linked to Opportunity.......then you can hide the ProductID field in Cost to prevent them from linking to it in the SLX Query Builder.....
and DO NOT CREATE any extra Joins, that's just a free security breaching road map for your users.
You can write your own security stuff for the OLE DB Provider in 7.2.....not for the faint of heart unfortunately.
[
Reply
][
Quote
]
Page 1 of 1
You can subscribe to receive a daily forum digest in your
user profile
. View the site
code of conduct
for posting guidelines.
Forum RSS Feed
-
Subscribe to the forum RSS feed to keep on top of the latest forum activity!
slxdeveloper.com is brought to you courtesy of
Ryan Farley
&
Customer FX Corporation
.
This site, and all contents herein, are Copyright © 2025 Customer FX Corporation. The information and opinions expressed here are not endorsed by Sage Software.
code of conduct
|
page cache (param): 6/20/2025 11:06:09 PM