What's the best way... -Reply

Fri, 19 Mar 1999 11:52:10 +1100

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01BE71A3.ACF368D6
Content-Type: text/plain

	>	We do something similar with a separate set of security
tables to check users against allowable functions rather than using 
	>	the inbuilt PH security options.

	I have always preferred this type of security, i.e. table based
application security (and it looks like most people have adopted something
similar). It is a lot more flexible than file/element based security and
allows you to modify security on the fly (as opposed to PH application
security) without recompilation required. This approach also allows IT
department to offload security
	maintenance to the user department (restricted to the system owner
and with appropriate audit trail).
	This type of security relies on preventing users from having direct
access to the operating system (i.e. users are contained within the PH
application), with further restrictions required to things like FTP (e.g.
users can only FTP to and from their own directory).

	>	Additionally we have a number of screens which we use for
both update and enquiry, based on the access the user has. To 
	>	avoid the user entering any information without reason we
have an input procedure for each field for which data can be 
	>	entered which calls a common internal procedure to check the
security and issue an error if appropriate. It is a bit of 
	>	additional coding, but a neater user interface than waiting
until the preupdate, or even the edit procedure for that matter. 

	Yes, this is much neater, but I suspect it requires more than just a
bit of additional coding!!! You also have to make sure the security code is
in every procedure for every screen. 

	I would strongly suggest that you develop a script that would parse
your screen sourse for field names and create an input procedure calling the
use file for each one (where no such procedure exists) or add the call to
the use file (if the procedure exists, but does not contain the use file
call). The script should also check/ammend/create other procedures like
PREENTRY, PREUPDATE, DELETE etc... The script would need a bit more smarts
built in to change access to fields in the FIND procedure for entering into
prompted fields (otherwise the user would not be able to FIND things). This
would save you a lot of coding and checking. 

	We did this for adding such code in the INITIALIZE procedure in
every screen (we did not go as far as you in terms of security granularity)
and added this script into our compilation macro, so developers did not have
to remember to do this, it was automatically (and consistantly) done for all
screens during compilation. This was on UNIX and used "nawk", do not know
how easy this can be done in DCL, you could write a C program to do this in
any case.

	You are either extremely nice to your users or they are extremely
fussy (probably the later, being a government organisation). Anyhow, all
these things are essentially workarounds for the problem of not having a
nice 4GL way of accomplishing this functionality.

	Arthur Kogan
	Westpac Financial Services
	Sydney, Australia

------_=_NextPart_000_01BE71A3.ACF368D6
Content-Type: application/ms-tnef
Content-Transfer-Encoding: base64

eJ8+IgQAAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQSAAQAiAAAAUkU6IFdoYXQncyB0aGUgYmVzdCB3YXkuLi4gLVJl
cGx5AKIKAQmAAQAhAAAAQjgwNzczQUQ4MURERDIxMTg4NEMwMDAwODM2ODM1NjcA7gYBIIADAA4A
AADPBwMAEwALADsAAAAFADcBAQWAAwAOAAAAzwcDABMACwA0AAoABQA6AQENgAQAAgAAAAIAAgAB
A5AGANAMAAArAAAACwACAAEAAAADAC4AAAAAAEAAOQAwwpS4onG+AR4AcAABAAAAHgAAAFdoYXQn
cyB0aGUgYmVzdCB3YXkuLi4gLVJlcGx5AAAAAgFxAAEAAAAbAAAAAb5xmFYE9Te6Hd12EdKeGwAA
9rj6EQAA3AYgAAIBCRABAAAA4wcAAN8HAAAJDgAATFpGdVfd0RoDAAoAcmNwZzEyNdIyAPszNgHo
IAKkA+MJAgBjaArAc2V0ML4gBxMCgwBQA9URZX0KgNkIyCA7CW8OMDUT7wpgMwKACoF1YwBQCwNs
aS8PMQjQAEELYG4OEDAzMjMLpiA+DIMXoDIg9FdlF5IgAzAZUgsxA2AKdAWQdBHhIG8gc+sDcBEg
aAuAZxtAB3ADEKcKwQPwG5AgYRtAZQqxTmEasBzRBUBvZhzRY1EIcXR5IAGRbAeRdMcbMBDQBZBr
IHUREBEAdRywZwtxcwVAB0AJAHehHoIgZnVuGtBpAiD/BCAdIR8gBcAbkAORH3Absv8XkxqFAtEB
QAqxCoAY9xp6ZSGxIAuAYnUDEAVAUNpIHdhvBTAhQi4jtCK/6SPDSSAQ4HYdUAdAIJD+eQQgGoAB
EASQFVEh8QQAWR5geXAdUB25LCWQLsRlLh5kIGJhERAqgHxhcAtQDeAdMCFBHdgolwBwKoAcgCAJ
AG9rBCD9F0BrHVAEYCAhKxAm4CDBXSlEZCbhKnEbXyksQEn/BUAqwRzACQAFQARgFVAg4FkeoHhp
ILIiA2YDEGX8L2UeoAeAAjAstR3nLoL7IFMEIHkIYB7SBGEGkB5QfyZYA6AlYjOALlIEICbgcL8v
sCpyGzAmIS0vHjEpHGPPCGAFQBVQBaBtcBwhLZPdFVBxJdAVUSxAVCqyOhE3A2AA0ByhbDEwNlZJ
VPsaUBzydDTjHuEdsDOAPgBfNXgjtADAC4AasG4AcGPfM/EbMCViH3I/OigVUCAgbwUQGtA5hCVi
cynQGrBt+Rsgd24h0S6CHHQ90hqA8wcwHUFhdTdgP9EdIAMQ/zJAI7Q9cyr+O+EXQAeRLbH/KgEp
YAIwG7IfdANSKTIbsvc3YDvxIDFjQhAEEUJFJuDvBJAtgRvCRPQoLBMfdTNR/wWgAjALcSpxHHIL
gCVTOez+KSvwHHMg8AAgIcJDxiFEjzzlQjQbsS81RlRQLmD9LDBnTqYtcAOgAiA4wVTi/x7hLoJL
QyGxPRBFQkv1BbC/O0AnWCSaJ28jYxjpQRp6XmRHISFBIFEeUHcwRiD8bnUG0CHRHbIFAAnhBCD+
dxugPiFdsR9xIOAFsQbg8RyRdXBkRsMukQnwPPL/K+EsxDhFTHZChhDgJ0A9YJ8bMCfPI88apylQ
b2kqgv9ClTTxBnEbwQBwHlALgGBB/wDALZM7eCzQaWIwRgOgC4DucDvBGoFCEGQIcGAkaiD/PiE0
YDSwVwEFsV90YPEcwP9V4l6AZF9lbxqYaANP0l+D/y1wIGAysjwRBGBrEmghXVH/a4ke50SjNaoE
AQpQavIqQe8FsQaQRjoyWGIuwR2xbo//b59miFz3T1E3YBgAYfE7wd9eMWogaCFCpHMDZgDQM/X/
IJBdEUqySoEDICViKgFg1P8r8GxCSmElUwmALsFrnCIBfzMRHTBoISxAWhVaL1szWe8HkCvwKqNI
UW0WsBygfPT3fHQpIHXwcysQTEEuwTzV94WxM0IiA2ofcHyyeEV7b34hitCE8DbhPlMpQzcSYf8v
cXXwiGN06XwRJYGFgXZBfylgWIBrjo5TXvSDHCkgd28IYGzxQ+ECIGc4wXXwZ35nQ9GCVDbSAQAp
YAkAcP8csgUEgmORRAqxYBE20QXA/170MSEIcGAVbMRB4AeCLoL/XwFhBGsvchIbskJ1NFNsKPsC
IB1QKF9wcWFeQBsxheL3a5gzoSAgcztQBbGJwSVT/3ISQjmaZE5gHcB/hJysfHT/MMAHkZwABUBP
ZZnschIyQfc9cB1RBQRzO6Fs8T5THxPmL5dANOFkL5fVYJEh0QNrly81UFJFRU5UDFJZK/Cn4VVQ
REGEVEUr8ERFTEWo8PFhcHRjLqnQo8qRREVw9yzyeDMzM3MAwAAgBCAlxP9QQh7yF/FiyBswbMON
8yVi8EZJTkRrjmgWQaEbMO8agTwwMPKuZSimgwPxjKT/QrOqxTMBblEgox7hr0NUJP+jo0hRkUUp
UjbSMtQdsXwU/5eEHyIbsYMcGZBL8SqFYEJ/icIbwoXijZQ4VK9QPxBJ8EFMSVqpgGuYjheVtfeb
kLm0odJnPoFLIQrBOQH3NtJQQgSQbTkRHckJwABw/5FgCsA7IzYjXPAqdgT1sQP/lXI8GgDBA2Ar
8D5xk0Ufkv++toumFVAHgF5zHuEwwCqT/yvxlIE5AUcAHuBpInISLlXvT2EAkCAgAHB0OMA7UDDA
/5thumOecV72a+EbsjwZtabrOQIDoFW8MFg2Ex9xKoDiIkHgd2siK/DIIaHS/mucAAfgO6AH4Goh
HlFIQsduFcszUEFEQ0wr8DbS2wWgkWJ3HiFeEkNrgsGR/1dRyAeOAmiSLXARECdWecPvixOc8hyB
Z9J4Q/A00TjB3wMAQhSVYx90gjNlNgGc8//XxiDwBBAuURqBLMACYNESfx1QPGGGY1eQaGK/IY5R
bn804wWwH+ADALZwUVMsQEH/aKDQoSvwnmMfILLTVEPW8+8EEEpyXWQFsGsKwAhgLpD/ukSf5R6R
RTEdwMal3KTYQ/g0R0x+kSbBdtFMgDwh/xdApICZtLoyIQUHQB4x1ev3BxAbkJWBS9QgAHC5RiAg
/QqwY1TQC4BB8QcxBlJLsLdMkXm0BrBkRXAr4UGI8bsdIBdAYVkvedITAQDtgAADAP0/UgMAAB4A
QhABAAAAJQAAADxzNmYyMjc2Zi4wODhAZG9oLmhlYWx0aC5uc3cuZ292LmF1PgAAAAALAACACCAG
AAAAAADAAAAAAAAARgAAAAADhQAAAAAAAAMAB4AIIAYAAAAAAMAAAAAAAABGAAAAABCFAAAAAAAA
AwAjgAggBgAAAAAAwAAAAAAAAEYAAAAAUoUAAHQQAAAeACSACCAGAAAAAADAAAAAAAAARgAAAABU
hQAAAQAAAAUAAAA4LjAyAAAAAAMAD4AIIAYAAAAAAMAAAAAAAABGAAAAAAGFAAAAAAAACwApgAgg
BgAAAAAAwAAAAAAAAEYAAAAADoUAAAAAAAADAAyACCAGAAAAAADAAAAAAAAARgAAAAARhQAAAAAA
AAMAK4AIIAYAAAAAAMAAAAAAAABGAAAAABiFAAAAAAAAHgA6gAggBgAAAAAAwAAAAAAAAEYAAAAA
NoUAAAEAAAABAAAAAAAAAB4AO4AIIAYAAAAAAMAAAAAAAABGAAAAADeFAAABAAAAAQAAAAAAAAAe
ADyACCAGAAAAAADAAAAAAAAARgAAAAA4hQAAAQAAAAEAAAAAAAAAAwAmAAAAAAADADYAAAAAAB4A
MUABAAAADwAAAEtPR0FOQTREQ0I3ODM4AAADABpAAAAAAB4AMEABAAAADwAAAEtPR0FOQTREQ0I3
ODM4AAADABlAAAAAAAMAgBD/////AgH5PwEAAABiAAAAAAAAANynQMjAQhAatLkIACsv4YIBAAAA
BgAAAC9PPVdFU1RQQUMvT1U9V0JDL0NOPVJFQ0lQSUVOVFMvQ049TVNNQUlMIEFERFJFU1NFUy9D
Tj1LT0dBTkE0RENCNzgzOAAAAB4A+D8BAAAADgAAAEtvZ2FuLCBBcnRodXIAAAAeADhAAQAAAA8A
AABLT0dBTkE0RENCNzgzOAAAAgH7PwEAAABiAAAAAAAAANynQMjAQhAatLkIACsv4YIBAAAABgAA
AC9PPVdFU1RQQUMvT1U9V0JDL0NOPVJFQ0lQSUVOVFMvQ049TVNNQUlMIEFERFJFU1NFUy9DTj1L
T0dBTkE0RENCNzgzOAAAAB4A+j8BAAAADgAAAEtvZ2FuLCBBcnRodXIAAAAeADlAAQAAAA8AAABL
T0dBTkE0RENCNzgzOAAAQAAHMFCJGsabcb4BQAAIMNZo86yjcb4BHgA9AAEAAAAFAAAAUkU6IAAA
AAAeAB0OAQAAAB4AAABXaGF0J3MgdGhlIGJlc3Qgd2F5Li4uIC1SZXBseQAAAAsAKQAAAAAACwAj
AAAAAAADAAYQR5zXdAMABxCSCQAAAwAQEAEAAAADABEQAAAAAB4ACBABAAAAZQAAAFdFRE9TT01F
VEhJTkdTSU1JTEFSV0lUSEFTRVBBUkFURVNFVE9GU0VDVVJJVFlUQUJMRVNUT0NIRUNLVVNFUlNB
R0FJTlNUQUxMT1dBQkxFRlVOQ1RJT05TUkFUSEVSVEhBTlUAAAAAUMg=

------_=_NextPart_000_01BE71A3.ACF368D6--
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Subscribe: "subscribe powerh-l" in message body to majordomo@lists.swau.edu
Unsubscribe: "unsubscribe powerh-l" in message to majordomo@lists.swau.edu
powerh-l@lists.swau.edu is gatewayed one-way to bit.listserv.powerh-l
This list is closed, thus to post to the list, you must be a subscriber.