Home | Forums | Contact | Search | Syndication  
 
 [login] [create account]   Friday, November 22, 2024 
 
slxdeveloper.com Community Forums  
   
The Forums on slxdeveloper.com are now retired. The forum archive will remain available for the time being. Thank you for your participation on slxdeveloper.com!
 Architect Forums - ADO General
Forum to discuss ADO specific questions for use with SalesLogix. View the code of conduct for posting guidelines.
Forums RSS Feed


 Back to Forum List | Back to ADO General | New ThreadView:  Search:  
 Author  Thread: Field level security profile questions
Kris Halsrud
Posts: 88
 
Field level security profile questionsYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 10 Apr 06 3:29 PM
fiogf49gjkf0d
Wondering someone out there has the answer to how the field level security definitions in the database actually work from the database level.

As I understand it, in the SECPROFILE table in SalesLogix is a column called PROFILEDATA which stores a series of coded letters that correspond to the provider level security level for a given field.
For instance for the default Read/Write profile the PROFILEDATA column begins with GGGGGGGGGGGGFGGG...
For the first character position, which has a "G" this denotes that a field is set to Read-Write access.
For the 13th charecter it has a leter "F" which denotes a different security level, I beleive in this case read-only, for a certain field.

My question is: Is there a way of determining which field in the database corresponds to each position in the PROFILEDATA string?
[Reply][Quote]
Ryan Farley
Posts: 2265
slxdeveloper.com Site Administrator
Top 10 forum poster: 2265 posts
 
Re: Field level security profile questionsYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 11 Apr 06 2:49 PM

rhinocort

rhinocort
fiogf49gjkf0d
Maybe it is similar to how the fx_rowaccess() scalar function works in the SLX provider? This is similar in that it returns the security access level the current user has to the fields returned in the query.

The fx_rowaccess() function is a scalar function that is used inline and returns a 0-based byte array indicating the access level for each field, so for a select statement such as this:

select account, type, mainphone, someprivatefield, fx_rowaccess() from account where accountid = 'AXXXX0000001'


The resulting data from the query might look like this:

Abbott Ltd., Customer, 8005551212, null, 31303

Well that last one really would be a byte array, not just the digits, but the digits in the byte array would look like those. But they would indicate the following:

Account: Read/Write
Type: Read Only
MainPhone: ReadWrite
SomePrivateField: No Access

You basically have 3 values there:
0 = No Access
1 = Read Only
3 = Read/Write

However, whether or not that corresponds to the data in the PROFILEDATA somehow or not, I have no idea - but it is the only idea I had so I thought I would share it

-Ryan
[Reply][Quote]
Timmus Agersea
Posts: 328
 
Re: Field level security profile questionsYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 12 Apr 06 2:16 AM
fiogf49gjkf0d
Kris, what are you trying to accomplish? If you are trying to determine at runtime what the FLS is for each column, fx_rowaccess() is your best bet. We can get you sample code for parsing the byte array if necessary.

Let us know what you are trying to do and I am sure we can help.

Timmus
[Reply][Quote]
Kris Halsrud
Posts: 88
 
Re: Field level security profile questionsYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 12 Apr 06 9:48 AM
fiogf49gjkf0d
Timmus and Ryan, thanks for the responses. I did know about the fx_rowaccess function. AFAIK that function gets its results from the from the data in SECPROFILE table.

I recently ran into an issue where I encounered some kind of corruption in a client database in this table. Normally the string contained in the PROFILEDATA column is around 2500 characters long, in this case theirs was significantly shorter. Only by copying in the SECPROFILE data from an eval database, was I able to "fix" their problem. However this meant losing their defined field level security.

The corruption in this table was causing all kinds of problems with data not being editable that should have been, and vice versa.

My hope is to be able to understand how this data is stored, so that if necassary it could be repaired.

I have asked Sage support about this, but they said it was a good question and that no one there knew the answer!
[Reply][Quote]
Timmus Agersea
Posts: 328
 
Re: Field level security profile questionsYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 12 Apr 06 11:48 AM
fiogf49gjkf0d
If you edit an existing secprofile (such as the ones you pulled from the eval) the blob length will be corrected so that all the tables flagged as secured will be accounted for. This however, it is just the begginning of the fun, and maybe that is exactly what you are complainging about , as you can not assume that any of the FLS profiles are correct. Since everything is ordinally based, it is very likely you have mismatched rights. So you have to go through every profile and reconfigure. PITA

Timmus

[Reply][Quote]
Bob (RJ)Ledger
Posts: 1103
Top 10 forum poster: 1103 posts
 
Re: Field level security profile questionsYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 27 Apr 06 12:41 PM
fiogf49gjkf0d
Kris,
The length of the datablob in the Secprofile records (it should be the same in ALL of them) is calculated this way:
(Select MAX(FIELDOFFSET) FROM sysdba.SECTABLDEFS )/3 rounded up
This number is NOT to exceed 2500.. or you're in deep do..do..

Ah ha!.. did you notice that the value(s) of FieldOffset is critical to all of this? In fact I'll bet that it's probably messed up in your (and most) Slx db's! Also the value of SEQCODE is critical here.

FLS Rocket Science lesson:
When a new table is created teh following applies:
If the table is to be "secured" Then
RESYNCTABLEDEFS.SECURE = 'T'
Else
RESYNCTABLEDEFS.SECURE = 'F'
End If

When creating Field records in Sectabledefs,
If ResyncTableDefs.SECURE = 'T' for THIS Table Then
SectableDefs.SEQCODE = 0
SectableDefs.FieldOffset = MAX(FieldOffset + 1)
Else
SectableDefs.SEQCODE = 2
SectableDefs.FieldOffset = 0
End If

As Timmus stated, the "bytes" in teh blobs are encoded. It is not a simple lookup/decode. In fact the only way I know how to do it (and I've done it is to use a multi-dimensional lookup/decode array.
It's VERY obscure.
--
rjl
[Reply][Quote]
 Page 1 of 1 
  You can subscribe to receive a daily forum digest in your user profile. View the site code of conduct for posting guidelines.

   Forum RSS Feed - Subscribe to the forum RSS feed to keep on top of the latest forum activity!
 

 
 slxdeveloper.com is brought to you courtesy of Ryan Farley & Customer FX Corporation.
 This site, and all contents herein, are Copyright © 2024 Customer FX Corporation. The information and opinions expressed here are not endorsed by Sage Software.

code of conduct | Subscribe to the slxdeveloper.com Latest Article RSS feed
   
 
page cache (param): 11/22/2024 10:52:45 AM