When you need to allow users access to some, but not all, of the rows in a table, you use restricted conditions. When you restrict access by column content (the value at the intersection of every row and column) you restrict access to part of the data within that table. You define the condition, giving it a name, identifying the table, and stating the condition. For instance, the condition may restrict access to all SALES rows containing a value of 15 in the column for sales ID and a value of DALLAS in the city column. The administrator who is authorized to access the CONDITIONS function creates the condition following your specifications.
A condition results in restricting the user's access to data in that table. That user can only access data that meets the qualifications of the condition. In the condition shown next, the user is permitted to access only those rows that have an ID of 20 and a city of Dallas.
WITH id=20 AND CITY=DALLAS
CA Dataquery automatically appends the condition to the DQL Language query or DQL Language dialog. The condition is transparent to the user.
You also decide which user or group of users to restrict with the condition. The administrator with RESTRICTIONS authorization assigns the condition(s) to an individual user. If you have assigned group levels to users that identify them as belonging to specific groups, you can restrict the condition(s) to a group(s).
For example, if you have defined a high-order (level 1) group named Sales, a middle-order (level 2) group named Dallas, and a low-order (level 3) group named Clerical, and if your company maintains sales rows for all branches in the same table and each row contains a branch code. The branch codes may be:
|
|
If you want clerical users in the Dallas branch to access only the rows for their branch, you create a restricted condition that prevents them from accessing rows that do not contain a 20 in the column for branch codes. Then you assign that restricted condition to all users having a high-order level 1 group of Sales, middle-order level 2 group of Dallas, and a low-order level 3 group of Clerical. You could, of course, assign the restriction to each user individually, if you prefer. Assigning by groups simplifies administration when personnel change job functions or move within the organization of your company frequently.
A restriction can contain multiple conditions. The maximum is 40 conditions and the minimum is 1 condition. The condition must apply to the same CA Datacom/DB table as the restriction. The restriction is then assigned to a user and/or a group level(s).
You cannot restrict access to data using Conditions and Restrictions in SQL Mode.
|
Copyright © 2014 CA.
All rights reserved.
|
|