|
A restricting condition is a SQL condition attached to a Table Right or Column Right. The condition restricts the access afforded by the Table Right or Column Right to only a subset of records.
The condition is like a WHERE clause that would identify that subset of records if it were used as part of an explicit SQL SELECT statement.
A restricting condition is a SQL WHERE clause with the WHERE keyword itself omitted. Table aliases are allowed, but the table instance of the Table Right or Column Right that you attach the condition to must be spelled in full.
Example
This example is like a WHERE EXISTS clause in an explicit SQL SELECT statement.
This example is for a usergroup who is allowed access to a table TOUR, but only to the subset of TOUR records that are linked (through a Relationship, a RELATE clause) to a parent record in a PERSON table that identifies the currently logged-in user (represent by keyword USER).
This condition is written for a Table Right on table TOUR. The table name representing the table instance of the Table Right is recognisable because that table name is written in full (as opposed to being given an alias), and also because that table instance does not appear in any FROM clause within the condition:
exists
(
select ''
from person p
relate p "GUIDES" tour
where p.login_name = user
)
|
|
A condition can have foreground scope or background scope. The concept is exactly the same as the scope of the Table Right or Column Right that you attach the condition to.
To a Right with scope "None", you cannot attach a condition. There is nothing to restrict.
To a Right with scope "Background only", you can only attach a condition as Background Condition.
To a Right with scope "Foreground and background", you can add restricting conditions for Foreground access and Background access separately. This gives you the option to restrict one type of access and not the other; to restrict each by a different condition; or to restrict both by the same condition.
For more on scope, go to Scope.
|
To define a condition:
| 1. | Determine the Table Right or Column Right that you want to attach the new condition to. Open either the Table Rights info window or the Column Rights info window. Retrieve the access right in question, making it the current record. |
| 2. | Choose Define, Conditions from the menu. In the Condition field, type the SQL WHERE clause that defines the restriction (omitting the WHERE keyword itself at the beginning; see the Syntax example above). |
| This causes Authorizer to assign a unique Condition ID to the new condition (in field: Identifier). |
| 4. | In the window with the Right you have written the condition for, type that ID in the Foreground Condition field, or in the Background Condition field, or both, as applicable. |
| 5. | Back in the Restricting Conditions window, press the Check button. This causes Authorizer to check the correctness of the SQL code of the constraint. |
|
See also
Authorization concepts
Scope
|
