Progress
Results Administration
and Development Guide


Data Security

Data security restricts access to data in a connected database to prevent disclosure of sensitive information and to preserve data integrity. Progress provides several security mechanisms to create and enforce data security for an application database. This section describes three types of data security:

The Progress data security applies automatically to Results because Results is a Progress application. Site administrators can add their own security on top of Progress—and Results—security using the Query Table Data Selection and Query Feature Security options.

Programmers can also set up their own security systems specifically for Results using integration points and procedures. See "Programming Results," for more information about integration points and procedures in Results.

Progress Data Security

Progress allows you to limit compile-time access to tables and fields in a database by user ID. All applications that access an application database, including Results, are governed by the compile-time user access permissions stored in the database. If the users do not have write access to a table or a field in an application database at compile time, they can build queries using the table or field in Results but cannot manipulate the data in the table or field using the form view of a Results query. If users do not have read access to a table or a field in an application database at compile time, that table or field does not appear in their database table or field listings. Also, the users cannot access a Results query that accesses the table or field.

To set access permissions for the tables and fields of a database, access the Data Administration tool, then choose Admin Security Edit Data Security. These user access permissions for tables and fields are stored as part of the schema in the application database.

For a complete description of data security and security tools in Progress, see the Progress Database Administration Guide and Reference, the Progress Client Deployment Guide, and the Progress Programming Handbook.

Table Data Selection

By default, if users have access to a table, they have access to all records in that table. Site administrators can define selection criteria for a table that functions as a security mechanism to limit access to sensitive data in the table on a record-by-record basis. Selection criteria is an expression that determines the records that a query returns from a table.

The Table Data Selection option allows administrators with the ability to define security selection criteria for a table. The selection criteria defined for a table executes as part of all queries that access the table, regardless of user ID. When you choose Query Site Admin Table Data Selection, the Table Data Selection dialog box appears. Use this dialog box to build selection criteria for a table:

The Table Data Selection dialog box contains the following user-interface elements:

Base Table

Specifies the current table for the definition of selection criteria. When you select a table from this list, any associated selection criteria expression appears in the Data Selection field. By default, tables do not have associated selection criteria expressions.

Data Selection

Specifies an expression that limits the display of records from the current base table. By default, tables do not have selection criteria in Results.

To define or redefine the selection criteria associated with the current base table, choose the Edit button. The Data Selection dialog box appears:

The Data Selection dialog box contains the following information and functionality:

Base Table

Identifies the base table for which you are defining selection criteria.

Base Table Fields

Lists the fields in the base table.

Operator Buttons

Comparison operators that you can use to build an expression for a selected field in the current base table. The operator buttons become sensitive based on the data type of the selected field. Several of these operator buttons allow you to build specialized search criteria:

Operator Button
Search Criteria
Begins
Specifies a search string to match to the beginning of values in the current base field.
Contains
Specifies a text search expression to locate in the text of the current base field. The current base field must be defined as a word index. The text search expression has the following syntax:

SYNTAX
word [ & | | | ! | ^ ] word ] ... 

A word is a template string as defined previously for the Matches comparison operator. The ampersand (&) represents a logical AND; a vertical line (|), exclamation point (!), or caret (^) represents a logical OR. These logical operators allow you to build complex text search expressions.

Matches

Specifies a template string to compare against values in the current base field. The template string can be a complete value or a partial value with embedded wildcard characters. A period (.) in a particular position in a string indicates that any single character is acceptable in that position of the string; an asterisk (*) indicates that any group of characters is acceptable, including a null group of characters.

List

Specifies a list of string values to compare with values in the current base field.

Range

Specifies a range of values to compare with values in the current base field.

Ask At Run Time

Controls run-time prompts for key values in the selection criteria. By default, this is not activated and there is no run-time prompt for the selection criteria. When you activate this option, Results requests a prompt string to display in a dialog box prompting for a key value when it executes the current query.

Selection Criteria

Specifies the syntax of the selection criteria expression for the base table.

Check Syntax

Specifies when to check the selection criteria. The Now button specifies to check the syntax immediately; the toggle box indicates to check the syntax when you choose OK. By default, Results checks the syntax when you choose OK.

Follow these steps to define selection criteria for a table using the Data Selection dialog box:

  1. Select a field from the table. As you build the selection criteria expression, the syntax of the expression appears in the Selection Criteria panel.
  2. If you want Results to prompt the user for a value for the specified field at run time, activate the Ask At Run Time toggle box.
  3. Choose a comparison operator button. If Ask At Run Time is not selected, Results prompts for values to form the rest of the expression.
  4. To save the selection criteria for the current base table and return to the Table Data Selection dialog box, choose OK in the Data Selection dialog box.
  5. Choose OK in the Table Data Selection dialog box to write the selection criteria associated with each table to the current QC7 file.
Data Security Features

By default, all users can add, update, and delete records from a table using a Results query in the form view. Results provides several features that allow you to regulate which users can perform these data manipulation activities. These features are RecordAdd, RecordDelete, and RecordUpdate. Use the Feature Security option to set user permissions for these features and to determine which users can manipulate a database using the form view of a Results query.

See the "Feature Security" section for more information about how to set user permissions for a feature.


Copyright © 2004 Progress Software Corporation
www.progress.com
Voice: (781) 280-4000
Fax: (781) 280-4095