3. Menu Sub-System and Access Management
[Diagram: Development Infrastructure; Time Recording and HR Leave Systems; Menu Access Management System Configuration; Menu Subsystem with Database Security Integration]
4. Menu Sub-System and Access Management
This module has a number of intrinsic components
– Login Screens
– Personnel Management - Functionality to manage new and existing users
– Menu Structure Management - Functionality to manage the menu structure
– Menu Access Management - Functionality that allows the control of access by personnel, with respect to the created menu structure
– Database Security Integration - Direct integration with Oracle’s database security, which prevents users from accessing data via other Oracle tools as well as via third party products.
5. Menu Login Screens
This module allows existing users to log in to the menu system, accessing only those menu items to which they have been given access
8. Menu Access Management
Once a menu tree structure has been created, the “Entry Point” concept can be applied
This concept simply allows one to select any leg in the created menu tree structure and assign a name to it
Existing users or roles can then be associated to that ‘Entry Point’
The associated user, when logging in, will only see that part of the tree for which he has authority
9. Menu Access Management
When Creating a Menu Structure
Step 1 - Create an “Entry Point”
Step 2 - Associate a user to the created
“Entry Point”
When Logging into the System
Step 3 - The user, when logging in,
will only see that part of the
tree for which he has authority
Step 1
An “Entry Point” associated to the menu tree item ‘System Maintenance’
Step 2
Associate a user to the created “Entry Point”
Step 3
On login, select the appropriate “Entry Point”
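
The three steps above, sketched as Oracle SQL. This is an added example, not code from the product the slides describe; every table, column and entry point name is hypothetical, and the rows are constructed sample data. It also covers grants made to a role rather than to an individual user.

```sql
-- Hypothetical menu tree: each item points at its parent.
CREATE TABLE menu_items (
  item_id   NUMBER       PRIMARY KEY,
  parent_id NUMBER       REFERENCES menu_items (item_id),
  label     VARCHAR2(60) NOT NULL
);

-- Step 1: an entry point gives a name to one leg of the tree.
CREATE TABLE entry_points (
  entry_point_id NUMBER       PRIMARY KEY,
  name           VARCHAR2(60) NOT NULL UNIQUE,
  root_item_id   NUMBER       NOT NULL REFERENCES menu_items (item_id)
);

-- Step 2: a user or a database role is associated to the entry point.
CREATE TABLE entry_point_grants (
  entry_point_id NUMBER        NOT NULL REFERENCES entry_points (entry_point_id),
  grantee        VARCHAR2(128) NOT NULL,  -- database user name or role name
  PRIMARY KEY (entry_point_id, grantee)
);

-- Constructed sample data.
INSERT INTO menu_items VALUES (1, NULL, 'Main Menu');
INSERT INTO menu_items VALUES (2, 1, 'System Maintenance');
INSERT INTO menu_items VALUES (3, 2, 'User Maintenance');
INSERT INTO menu_items VALUES (4, 1, 'Time Recording');
INSERT INTO entry_points VALUES (10, 'SYSMAINT', 2);
INSERT INTO entry_point_grants VALUES (10, 'BSL$SMITH');

-- Step 3: on login, walk down from the chosen entry point only.
-- An entry point the session user has no grant for returns no rows,
-- so nothing above or beside the granted leg is ever listed.
SELECT LEVEL AS depth, m.item_id, m.label
FROM   menu_items m
START WITH m.item_id IN (
         SELECT ep.root_item_id
         FROM   entry_points ep
         JOIN   entry_point_grants g ON g.entry_point_id = ep.entry_point_id
         WHERE  ep.name = :entry_point_name
         AND    (g.grantee = USER
                 OR g.grantee IN (SELECT role FROM session_roles)))
CONNECT BY PRIOR m.item_id = m.parent_id
ORDER SIBLINGS BY m.label;
```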
10. Database Security Integration
[Menu] - User Maintenance Screen
• Allows the creation of menu and database users
• On user creation, passwords are encrypted when creating the database user
• Allows the system Administrator to associate existing ‘Database Roles’ to users
• Based on a setup parameter, entry point access is controlled via either
- An individual user basis
- Oracle database roles
Oracle Database
• Database roles are created
• Application objects (tables, procedures etc) are assigned to these ‘Database Roles’
• Based on access permissions, created users are then granted specific ‘Database Roles’
[Menu] – Login Screen
• Login names and passwords are encrypted and checked. If correct then…
• Reconnects to the Oracle Database using login name and encrypted password - thus enforcing standard Oracle database security
• If the reconnection fails - processing is stopped and the menu structure is not displayed
• When logging in, the user is forced to change expired passwords.
11. Database Security Integration
Base Components
Database Schemas - Prefixed with a three letter acronym plus a ‘$’ sign (e.g. BSL$…)
Database Roles and Profiles - Also prefixed with the same three letter acronym plus ‘$’ sign
Private Synonyms
Encrypted Database Passwords - Controlled via an algorithm within the menu sub-system
12. Database Security Integration
On Installation…
On installation of the system, a three letter prefix is selected (say “BSL”)
– All tables created for the menu system will be owned by the database schema “BSL$OWNER”
– Any other database users created from within the menu sub-system will also automatically have this prefix (e.g. “BSL$SMITH”)
13. Database Security Integration
Users and Roles
Once installation has completed, the following ‘Users’ and ‘Roles’ will exist
– Roles
BSL$LOGON: Which will have only the ‘Select’ privilege on a small subset of tables required for logging into the system
BSL$USER_ACCESS: Which will have all privileges on all the menu’s objects (e.g. Tables, procedures etc.)
– Users / Schemas:
BSL$OWNER: Which owns all the menu’s tables and procedures
BSL$LOGO: Which is granted the role ‘BSL$LOGON’ and is used for the initial logging onto the system
BSL$ADMIN: Which is granted the role ‘BSL$USER_ACCESS’ as well as private synonyms for all objects granted to the role ‘BSL$USER_ACCESS’
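
The layout above written out as Oracle SQL, followed by the data dictionary checks that confirm it on an installed system. This is an added example, not the product's installation script. The role and account names are the ones on the slide; MENU_USERS, MENU_ITEMS, MENU_PKG and the password placeholders are hypothetical, and BSL$OWNER is assumed to exist already with those objects.

```sql
CREATE ROLE BSL$LOGON;
CREATE ROLE BSL$USER_ACCESS;

-- BSL$LOGON: SELECT only, and only on what the login screen has to read.
GRANT SELECT ON BSL$OWNER.MENU_USERS TO BSL$LOGON;

-- BSL$USER_ACCESS: all privileges on the menu's objects.
GRANT ALL     ON BSL$OWNER.MENU_USERS TO BSL$USER_ACCESS;
GRANT ALL     ON BSL$OWNER.MENU_ITEMS TO BSL$USER_ACCESS;
GRANT EXECUTE ON BSL$OWNER.MENU_PKG   TO BSL$USER_ACCESS;

-- Initial logon account: may connect and read the login tables, nothing else.
CREATE USER BSL$LOGO IDENTIFIED BY "<placeholder-1>";
GRANT CREATE SESSION TO BSL$LOGO;
GRANT BSL$LOGON      TO BSL$LOGO;

-- Administrator: reaches the objects through the role and private synonyms.
CREATE USER BSL$ADMIN IDENTIFIED BY "<placeholder-2>";
GRANT CREATE SESSION  TO BSL$ADMIN;
GRANT BSL$USER_ACCESS TO BSL$ADMIN;
CREATE SYNONYM BSL$ADMIN.MENU_USERS FOR BSL$OWNER.MENU_USERS;
CREATE SYNONYM BSL$ADMIN.MENU_ITEMS FOR BSL$OWNER.MENU_ITEMS;
CREATE SYNONYM BSL$ADMIN.MENU_PKG   FOR BSL$OWNER.MENU_PKG;

-- Check 1: which roles each BSL$ account or role holds.
SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  grantee LIKE 'BSL$%'
ORDER  BY grantee;

-- Check 2: object privileges granted straight to a BSL$ user instead of
-- through a role. Under the layout above this returns no rows.
SELECT tp.grantee, tp.owner, tp.table_name, tp.privilege
FROM   dba_tab_privs tp
JOIN   dba_users u ON u.username = tp.grantee
WHERE  tp.grantee LIKE 'BSL$%';

-- Check 3: system privileges beyond CREATE SESSION. Rows for BSL$OWNER are
-- expected (it owns the objects); rows for other accounts need a reason.
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  grantee LIKE 'BSL$%'
AND    privilege <> 'CREATE SESSION';
```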
14. Database Security Integration
Password Encryption
Personnel Maintenance Screen (User Creation)
– Before User Creation - The user password is run through a password encoding algorithm which generates an encrypted password
– On User Creation - The database user is created using the encrypted password
Menu Login Screen
– The entered password is run through the same password encoding algorithm
– Using this encrypted password, this screen reconnects to the database using the entered login name
– On an error, processing is stopped and the menu structure is not displayed
– Password expiration is controlled via the use of database ‘User Profiles’. This ensures that on expiration the user is forced to change his password before proceeding any further.
What This Means
– The user password entered to log into the menu system is different to the password for the created database user, thus preventing unauthorized access via other Oracle tools and third party products
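
One way the encoding and expiry steps above could be built in PL/SQL. This is an added example, not the product's algorithm, which the slides do not specify: a keyed HMAC-SHA-256 is swapped in, and ENCODE_PASSWORD, CREATE_MENU_USER, BSL$PROFILE, its limits and the key parameter are all hypothetical. Since the database password is simply the encoded value, the separation described above holds only while the key stays out of reach of the users it protects against.

```sql
-- Needs EXECUTE on DBMS_CRYPTO (HMAC_SH256 is available from Oracle 12c).
CREATE PROFILE BSL$PROFILE LIMIT
  PASSWORD_LIFE_TIME    90   -- days until the password expires (assumed value)
  FAILED_LOGIN_ATTEMPTS 5;   -- lock the account after repeated failures

CREATE OR REPLACE FUNCTION encode_password (
  p_login    IN VARCHAR2,
  p_password IN VARCHAR2,
  p_key      IN RAW            -- site secret, not stored in the client forms
) RETURN VARCHAR2
IS
  l_mac RAW(32);
BEGIN
  -- Mix in the login name so two users with the same menu password
  -- end up with different database passwords.
  l_mac := DBMS_CRYPTO.MAC(
             src => UTL_I18N.STRING_TO_RAW(UPPER(p_login) || ':' || p_password,
                                           'AL32UTF8'),
             typ => DBMS_CRYPTO.HMAC_SH256,
             key => p_key);
  -- One letter plus 29 hex digits: 30 characters, inside Oracle's
  -- long-standing 30-byte password limit.
  RETURN 'P' || SUBSTR(RAWTOHEX(l_mac), 1, 29);
END encode_password;
/

-- User creation: the database account gets the encoded password, never
-- the one typed at the menu. The owner needs CREATE USER granted directly.
CREATE OR REPLACE PROCEDURE create_menu_user (
  p_login IN VARCHAR2, p_password IN VARCHAR2, p_key IN RAW)
IS
BEGIN
  EXECUTE IMMEDIATE
       'CREATE USER ' || DBMS_ASSERT.ENQUOTE_NAME('BSL$' || UPPER(p_login))
    || ' IDENTIFIED BY "' || encode_password(p_login, p_password, p_key) || '"'
    || ' PROFILE BSL$PROFILE';
END create_menu_user;
/

-- Check: every BSL$ account is on the expiring profile, and its status.
SELECT username, profile, account_status, expiry_date
FROM   dba_users
WHERE  username LIKE 'BSL$%'
ORDER  BY username;
```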
18. Development Infrastructure
On a High Level…
This is a comprehensive set of Oracle libraries,
classes, functions and object groups that are
automatically made available to all newly created
forms
Development undertaken using this infrastructure
will have the same look and feel about it
A major benefit of this architecture is an enforced
standard of programming that should ease the
understanding of code within the development
team
19. Development Infrastructure
Base Component Examples
Objects
– Calendars, Toolbars, Navigation Buttons, Error and Information
Message Boxes
Standard Properties
– Screen types and sizing (Tabs, Pop-ups etc.)
– Field types, Sizing and properties (Tick-boxes, Radio buttons,
Fonts, Colours, Sizing)
– Screen Reactions (Query mode colour, Message display etc.)
Screen Parameters
– User selected entity, Screen name, User defined parameters