Appboard/old/access control variables: Difference between revisions

imported>Cmace
(copied from internalwiki)
 
imported>Jason.nicholls
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:Access Control Variables}}
[[Category:AppBoard old]]
AppBoard includes a special provisioning feature called Variables. Variables have a variety of uses throughout the application. For example, you can use Variables to apply provisioning at the data access layer by only displaying certain data elements to specific Users or Domains.
AppBoard includes a special provisioning feature called Variables. Variables have a variety of uses throughout the application. For example, you can use Variables to apply provisioning at the data access layer by only displaying certain data elements to specific Users or Domains.



Latest revision as of 11:32, 17 July 2014

AppBoard includes a special provisioning feature called Variables. Variables have a variety of uses throughout the application. For example, you can use Variables to apply provisioning at the data access layer by only displaying certain data elements to specific Users or Domains.


Multi-Tenancy

Multi-tenancy is the concept of supporting data for multiple customers in the same system. It is an important feature of AppBoard, because it allows a company such as a Managed Service Provider to create a single solution to apply across an entire customer base. This is more efficient than creating a separate system for each customer.


One way to support multi-tenancy is through the use of Variables. For example, suppose an application has a database table that stores information about server failures:


Server Failure Table
Customer ID IP Address Severity Date/Time
0001 172.21.38.220 SEV-1 2012-3-4 06:13:54
0001 172.21.38.220 SEV-2 2012-3-5 17:22:05
0001 172.26.11.101 SEV-4 2012-3-6 08:25:10
0002 172.21.38.220 SEV-1 2012-3-4 04:13:54
0002 172.21.38.220 SEV-1 2012-3-4 04:13:54


Without using Variables, you would create separate Data Sources for each customer with each requiring its own Stack(s). For example, you could create JDBC SQL Data Sources using the following queries:


  • Data Source 1 (Company 0001)
    SELECT * FROM SERVER_FAILURES WHERE (((SERVER_FAILURES.[Customer ID])=1));
  • Data Source 2 (Company 0002)
    SELECT * FROM SERVER_FAILURES WHERE (((SERVER_FAILURES.[Customer ID])=2));


However, creating multiple customer queries for every Data Source would quickly become inefficient and would not scale. In the above scenario, you can replace the queries with the following single query that uses a Variable:


  • Data Source Using Variable (works for all companies)
    SELECT * FROM SERVER_FAILURES WHERE (((SERVER_FAILURES.[Customer ID])=${shim:session.var.get('companyID')}));


The following sections detail how to create and configure Variables in AppBoard. There are three steps required to implement the use of a Variable:

  1. Create the Variable name and define its properties.
  2. Assign values for the Variable to individual Domains and Users.
  3. Modify your Data Sources to use the Variable, so that the data is filtered appropriately for the Domains and Users based on their assigned values matching the data.

Creating Variables

Perform the following steps to create a Variable in AppBoard:


  1. Log in to the AppBoard Builder as an administrator.
  2. In the Builder Modes panel, click Settings. The System Configuration panel is displayed.
  3. In the System Configuration panel, click the Access Control button. The Access Control screen will be displayed.
  4. Click on the Manage Variables button. The Manage Variables dialog is displayed.
  5. In the Variables panel, click + and enter the name for the Variable that you want to create. Example: Customer ID
  6. Click the Add button. The Variable is displayed on the left panel, and the Variable Configuration panel is displayed in the right panel.
  7. Edit the fields for the Variable:
    • Name - Displays the Variable Name for informational purposes, and cannot be edited.
    • Description - Internal notes about the intended usage of this Variable.
    • Type - Select the type of data for this Variable. This will need to match the type of the data field to be matched against in the Data Source.
    • Scope - Check one or more boxes to indicate at what levels this Variable can be applied:
      • Domain - The value for this Variable can be set for one or more Domains and applies at the Domain level. If the Domain scope is checked, a value set for a variable at the Domain level takes precedence over the Default Value.
      • User - The value for this Variable can be set for one or more Users and applies at the User level. If multiple scope boxes are checked, a value set for a variable at the User level takes precedence over values set as the default value or at the Domain level.
    • Options - Check one or more boxes to indicate special settings for the Variable:
      • Server Use Only - Controls whether this setting will be returned to the client in their context or userenv records. This is set to true by default (so only an administrator will be able to access these settings). If not set, the variable can be viewed by looking at the Diagnostics -> Data screen and selecting "appboard.session.CustContext" or "appboard.session.MyCustUserEnv".
      • Encrypted - The value entered for this Variable will be encrypted. On any screen in the AppBoard UI, the value for the Variable will be displayed as "!!encrypted!!". Note: encrypted values (treated like Server Use Only) will not be returned in either "appboard.session.CustContext" or "appboard.session.MyCustUserEnv" records.
      • LDAP - Describes if the system will attempt to pull settings when a user is authenticated via an external LDAP Server. This flag only applies to user-scoped variables.
    • Ordinal Position - Controls the sort order of displaying Variables on certain screens in AppBoard.
    • Default Value - The initial value for this Variable. This value will be used, unless it is overridden by a setting for an individual Domain or User. If a default value is not set, and a value was not provisioned at the domain / user level, the system will trigger an exception when attempting to perform a request on a given data source configured to use the variable when a User tries to access a Widget that requests this data.


Template-note.png
All Variables and related information are stored in the AppBoard configuration database. They are not stored in stacks.xml.

Setting Variables

The location for setting values for Variables depends on the scope of the Variable. For a Variable with System scope, you set the default value in the Manage Variables UI. For a Variable with Domain or User scope, you must select a Domain or User and then assign the value of the Variable for that selected Domain or User.


Perform the following steps to set a value for a Domain or User Variable in AppBoard:


  1. Log in to the AppBoard Builder as an administrator.
  2. In the Builder Modes panel, click Settings. The System Configuration panel is displayed.
  3. In the System Configuration panel, click the Access Control button. The Access Control screen will be displayed.
  4. In the Users list, Select a User or Domain: and then observe the list of Variables in the Variables panel:
    • If you selected a Domain, all Variables which have a Domain scope will be displayed.
    • If you selected a User, all Variables which have a User scope will be displayed.
  5. Enter values for the Variable(s). The values are saved automatically to the database when they are entered.


For a Variable defined with more than one scope, the following hierarchy determines the order of precedence when more than one value is set for the same Variable:

  1. The value assigned to the User
  2. The value assigned to the Domain
  3. The default value assigned for the System

Using Variables

Once you have created Variables and set their values for individual Domains and/or Users, you are ready to use the Variables to filter access to data from a Data Source. In most cases, you will accomplish this by inserting an Expression command in the Data Source definition.


Perform the following steps to use a Variable in a Data Source configuration:

  1. Click in a Data Source configuration field that supports the insertion of Expression commands. Example: In a Sub Query Data Source, after you select a source to query, check the "Filter" box on the "Connect" screen and add a Filter selecting a column and operator and then click in the value field to the right.
  2. Click the Insert Expression button. The "Create an Expression" dialog is displayed.
  3. Click the Access Control Variable tab. The screen says "Choose an access control variable to use".
  4. Select the appropriate Variable from the list.
  5. Click the Apply button.
  6. Observe that the appropriate code is inserted to retrieve the requested Variable. Example: `Company ID`=${shim:session.var.get('Company ID')}
  7. Review your Data Collection to verify that the data is being filtered appropriately, as per the Variable setting.