Creating a New User-Restriction Record

The User Master-Restriction view is used to limit users to specific data contained in the views associated with the Roles assigned to them. This is known as 'row level security'. This represents a security policy by user that is applied consistently throughout the iTopia-based applications regardless of the view being used or how the view is customized.

  • For example, if you want to limit a sales representative to only access data related to his or her own activities based on the information in the 'salrep' Domain of any table, you can use the User Master-Restriction view to create this restriction. Note: It is not necessary to create any restrictions for users.

In the User Master-Restriction view, you can create a new User-Restriction record using various methods. It is recommended that you are logged into iTopia as the 'system' user when creating new users. There are three methods available for creating user records in the User Master-Restriction view:

  1. Create - the Create button is located on the Search Criteria/Results page or on the Details page. When you use this method all of the mandatory fields must be entered manually. The current topic focuses on creating users through the Create functionality, however you may find that using the 'Copy' or 'Edit with Excel' techniques very useful once you have a base user-restriction record created.

  2. Copy - the Copy button is located on the Details page. When you use this method, all of the fields from the original record are copied into a new record. Using the Copy option reduces keystrokes as only the fields that require change from user to user need to be re-entered prior to the update. For details on creating users using the 'copy' method, click here.

  3. Edit with Excel - the Edit with Excel functionality is located in the drop lists for both the 'Use Selected Records as Criteria for Action' icon (located to the right of the Export to Excel icon) and the 'Use Record as Criteria for Action' icon (located to the left of the selection check box on a detail line)on the Search Criteria/Results page. When you use this method, you can easily create multiple user-license records as the update takes place on the Excel spread sheet. For details on creating users using the 'edit with excel' method, click here.

Creating a new user-restriction record using the 'Create' method:

  1. Signed on as the system user, open the User Master-Restriction view by:

    • Entering user_domain_rls in the Search field and then clicking Go.
      OR
    • Selecting the User Management System folder on the main menu, then selecting the Master Tables folder and then selecting 'User Master-Restriction'.

  2. From either the Search Criteria/Results page or the Details page on the User Master-Restriction view, click on Create.

  3. The User Master-Restriction/Create window opens. Here is an example of the fields displayed on the Create page:

    Restriction 1

    • User Name - enter or select from the lookup the user name to which the Restriction will be applied.

    • Database Name - enter or select from the lookup the name of the Database to which the Restriction will be applied. The following databases are available for use in the PointForce iTopia environment:

      • ibis - contains your PointForce Enterprise data that resides in iTopia along with data generated and maintained in iTopia. The iBIS database contains all of the views available from the data stored in the tables. Note: For a typical user, enter the ibis database.

      • meta - contains information about information. There are a series of tables which define all of the databases used by iTopia. These metadata tables define the database itself, along with the tables, columns and relationships between the tables. This information is also used by iTopia to generate views of data that are stored in the iBIS database.

      • etrac - this database is available only if it is purchased separately. The etrac database is the shipment tracking database that is used for companies that have their own trucks for deliveries. The database tracks shipments, routes, etc.

    • Domain Name - enter or select from the lookup the appropriate Domain Name. The Domain Name is a unique identifier for a given domain and qualifies the domain usage or reflects the column that is referring to it. A single domain name can be related to several different Column Names, however, the type of information in the columns, within the related tables, is all the same.

      • For example, the Domain 'salrep' is associated with the Column Names 'salrep', 'sash1', and 'saso1'. The Column Name 'salrep' is located in the 'inih', 'sas' and 'sauc' tables (just to mention a few) while the Column Name 'sash1' is located in the 'sash' table and the Column Name 'saso1' is located in the 'saso' table.

      • Even though the column names are different, they are all associated with the same domain. If you enter 'salrep' as the Domain Name, the restriction 'Value' that you enter affects the search results in all the tables/views containing the columns associated to that Domain Name.

    When all of the information is entered, click Continue to continue creating the new User-Restriction record.

  4. The User Master-Restriction page opens for the new Restriction. There is only one input field on this page:

    • Value - enter the appropriate value in the text box. Values represent the actual data contained in the Columns.

      • You can enter any QBE (Query by Example) expression, including processing instructions that represent the value(s) to which the user is restricted. For more information on QBE expressions, click here.

      • For example, let's say you have entered user105 in the User Name field, ibis in the Database Name field, salsrep in the Domain Name field, and =GRLA as the sales representative in the Value field. When user105 logs into iTopia and accesses any view/table that contains a column that is related to the Domain Name 'slsrep', only information for sales rep GRLA is displayed.

      • Note: Most of the Values that you enter will be based on an actual data value in the column, however if you are creating user restrictions for the 'ibis_client' Domain, you must enter the value as {session.ibis_client}.

        Adding a restriction puts an extra layer of security that prevents the user from accessing data from any other client site.

    Note: If you omit entering any of the mandatory fields, the message: "An entry is required" displays beneath each offending field once you click Submit or Save.

  5. When all of the information is entered, you can click Submit or Save:

    • When you click Save, all of your changes are saved and you remain on the User Master-Restriction page.

    • TIP: If you decide that you do not want to create the current record, you can abort the process by clicking Close or Return to Search Page icon. The following message displays: "Are you sure you want to navigate away from this page? Any changes will be discarded. Click OK to continue, or Cancel to stay on the current page. OK/Cancel". Only changes made prior to the record being updated using the Continue, Save or Submit buttons will be discarded.

    • When you click Submit, all of your changes are saved and you are returned to the Create page where you can enter another new User-Restriction record.

 
Back