Field Level Security John M. Allen Temple University
A brief outline of how to set up field level security in Millennium fund-raising software using views created in SQL.


Transcript of "Field Level Security"

  1. Field Level Security. John M. Allen, Temple University
  2. Introduction
       • We use Social Security Number as the key for our student and financial interfaces. Anyone who creates or maintains records needs to be able to update and insert the Social Security Numbers, yet we wanted to hide them from everyone else.
  3. The Solution
       • Millennium uses views to restrict access to records and tables.
       • We used the same approach to restrict access to fields.
  4. SSN Access Rights
       • Granted: Administrators, Bookkeepers, Records
       • Denied: Directors, Secretaries
  5. Granted Access
       • This was the easy part. Use the corebio_full view that is installed.
  6. Denied Access
       • Create a new view
           • Hide coressnum
       • Add the view to Millennium
       • Assign view to groups
  7. Create a New View
       • Every field in the table must have a field with the same name in the view
       • Field names must be unique
       • When the table structure changes, you MUST change the view

           CREATE VIEW V_core_no_ssnum
           AS
           SELECT
               corekey,
               coreid,
               coredoc,
               corelook3,
               coretext
           FROM corebio

  8. Hide coressnum
       • You need a field called coressnum, but it doesn't have to contain the data from the corebio table.
       • You can put any text you want up to the length limit. It will be formatted with dashes.

           CREATE VIEW V_core_no_ssnum
           AS
           SELECT
               corekey,
               coreid,
               coredoc,
               '*********' AS coressnum,
               corelook3,
               coretext
           FROM corebio

  9. Varying the Text
       • You can even vary the text
       • Display nothing when the underlying Social Security number is NULL or blank.
       • Display '***-**-****' when the Social Security number contains data.

           CASE Coalesce(coressnum, '')
               WHEN '' THEN ''
               ELSE '*********'
           END AS coressnum

  10. Add the view to Millennium
       • Millennium's View Generator (V7.01) doesn't allow you to pick an existing view.
       • You have to add the view manually.
       • vlist_code is the key and must be unique.

           INSERT INTO viewlist
               (vlist_code, vlist_tnum, vlist_name)
           VALUES ('cor001', '00', 'V_core_no_ssnum')

  11. Assign View to Groups
       • Using the User Security tool, assign the view to the appropriate groups.
  12. Results—Null or Blank SSN: Granted, Denied
  13. Results—Contains Data: Granted, Denied
  14. Caveats
       • You cannot use "SELECT *" because "coressnum" would not be a unique name.
       • Every time the table structure changes, you have to alter the view
       • You can only use it with SELECT or DELETE rights. You cannot use it with INSERT or UPDATE rights.
  15. Conclusion
       • This allows us to:
           • Store Social Security Number for our interface
           • Maintain Social Security Number
           • Grant access to specific user groups and deny access to other user groups
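
The masking view from slides 8 and 9 and the "table changed, view must change" caveat from slide 14, as an added example that is not part of the original slides. It uses an in-memory SQLite database as a stand-in for Millennium's database; the sample rows, the helper function names and the `coreemail` column are assumptions made for illustration.

```python
import sqlite3

# Column names come from the slides; the rows are constructed sample data.
SCHEMA = """
CREATE TABLE corebio (corekey INTEGER PRIMARY KEY, coreid TEXT, coredoc TEXT,
                      coressnum TEXT, corelook3 TEXT, coretext TEXT);
INSERT INTO corebio VALUES (1, 'A1', 'd', '000112222', 'x', 'has ssn');
INSERT INTO corebio VALUES (2, 'A2', 'd', NULL,        'x', 'null ssn');
INSERT INTO corebio VALUES (3, 'A3', 'd', '',          'x', 'blank ssn');
CREATE VIEW V_core_no_ssnum AS
SELECT corekey, coreid, coredoc,
       CASE Coalesce(coressnum, '') WHEN '' THEN '' ELSE '*********' END
           AS coressnum,
       corelook3, coretext
FROM corebio;
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def columns(conn, name):
    # PRAGMA table_info reports columns for tables and views alike.
    return [row[1] for row in conn.execute(f"PRAGMA table_info({name})")]

def masked_ssns(conn):
    # What a "Denied" group sees in coressnum through the view.
    return [r[0] for r in conn.execute(
        "SELECT coressnum FROM V_core_no_ssnum ORDER BY corekey")]

def leaks_ssn(conn):
    # True if any real, non-blank SSN is visible through the masked view.
    real = {r[0] for r in conn.execute(
        "SELECT coressnum FROM corebio WHERE Coalesce(coressnum, '') <> ''")}
    return any(v in real for v in masked_ssns(conn))

def view_drift(conn, table="corebio", view="V_core_no_ssnum"):
    # Table columns the view does not expose under the same name.
    return sorted(set(columns(conn, table)) - set(columns(conn, view)))

if __name__ == "__main__":
    conn = build_db()
    print(masked_ssns(conn), leaks_ssn(conn), view_drift(conn))
    # Hypothetical schema change: the view now lags behind the table.
    conn.execute("ALTER TABLE corebio ADD COLUMN coreemail TEXT")
    print(view_drift(conn))
```

Running the drift check after every schema upgrade catches a view that no longer matches the table before the restricted groups use it.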
