a5Helper_SQL_ApplySecurity Function
Syntax
Arguments
- sql Character
The SQL Statement to which security will be applied.
- securityDef Character
A JSON object that defines the security settings and show/hide expression for selected columns in the SQL statement. Has the following properties:
  - column Character
  The column in the SQL statement. This must match the parsed SQL representation for the column. See example below.
  - security Character
  A comma delimited list of the security groups authorized to see this column.
  - showHide expression
  A logical expression that evaluates to true or false. Typically the expression will reference session variables.
- loggedInGroups Character
The security groups for the current user.
Description
Applies security to a SQL SELECT statement. Only applies if the SQL statement can be parsed.
Discussion
Applies security and server-side show/hide expressions to a SQL SELECT statement. Columns that the current user is not authorized to access will be removed from the SQL SELECT statement.
The SQL statement passed to this function must be parsable. If Alpha Anywhere cannot parse the statement (e.g. the SQL is a call to a stored procedure), the function returns the original SQL statement.
If a column does not have a security setting or server-side show/hide expression, it will be included in the SQL statement.
If a column has a defined security setting, the column will only be included in the SQL statement if the logged in user is a member of one of the security groups specified by the column's security settings.
If a column has a show/hide expression, the column will only be included in the SQL statement if the expression evaluates to a true result.
The column specified in the securityDef must exactly match how the SQL parser represents the column. For example, consider the following column expression:
concatenate(customers.name , ', ', customers.contacttitle)
The meaning of this expression is unchanged if the expression is written as:
concatenate( customers.name , ', ', customers.contacttitle )
However, this is not how the expression is represented in the SQL parser. To get the correct representation of the expression, you can use the code below:
dim si as sql::Query::SelectItem
sql2 = "concatenate( customers.name , ', ', customers.contacttitle)"
?si.Parse(sql2)
= .T.
?si.SQLStatement
= "concatenate(customers.name, ', ', customers.contacttitle)"
Example
sql = <<%str%
SELECT customers.CustomerID as cid, customers.CompanyName as compName, customers.ContactName, customers.ContactTitle,
concatenate(customers.name,', ',customers.contacttitle) as exp1,
orders.OrderID, orders.CustomerID AS CustomerID1, orders.EmployeeID, orders.OrderDate, orders.RequiredDate
FROM customers customers
INNER JOIN orders orders ON customers.CustomerID = orders.CustomerID
%str%

'define the
dim ss[0] as p
i = ss.append()
ss[i].column = "customers.ContactTitle"
ss[i].security = ""
ss[i].showHide = "session.var1 = \"alpha\""

i = ss.append()
ss[i].column = "concatenate(customers.name, ', ', customers.contacttitle)"
ss[i].security = "Sales,Marketing"
ss[i].showhide = ""

i = ss.append()
ss[i].column = "customers.CompanyName"
ss[i].security = "Administrator"
ss[i].showhide = ""

dim security as c
'Generate a JSON string
security = json_generate(ss)

dim loggedInGroups as c
loggedInGroups = Context.Security.GetUserRoles()
sql2 = a5Helper_SQL_ApplySecurity(sql,security,loggedInGroups)
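The column rules from the Discussion, modeled in Python as an added example (this is not Alpha Anywhere code and not the function's implementation). It shows that a securityDef entry whose column text differs from the parser's representation restricts nothing, and gives a check that lists such entries. Assumptions: the function names, the JSON key `showHide`, exact string comparison, that a column with both settings must pass both, and the `eval_expr` callback standing in for evaluation of the Xbasic expression.

```python
import json

def _groups(csv):
    return {g.strip() for g in csv.split(",") if g.strip()}

def visible_columns(parsed_columns, security_def, logged_in_groups, eval_expr):
    """Model of the documented rules: returns the columns left in the SELECT."""
    defs = {d["column"]: d for d in json.loads(security_def)}
    user = _groups(logged_in_groups)
    kept = []
    for col in parsed_columns:
        d = defs.get(col)  # exact string comparison (assumption)
        if d is None:
            kept.append(col)  # no matching entry: the column is included
            continue
        allowed = _groups(d.get("security", ""))
        if allowed and not (allowed & user):
            continue  # user is in none of the authorized groups
        expr = d.get("showHide", "")
        # Assumption: when both settings are present, both must pass.
        if expr and not eval_expr(expr):
            continue  # show/hide expression evaluated to false
        kept.append(col)
    return kept

def unmatched_entries(parsed_columns, security_def):
    """securityDef columns that equal no parsed column, so they restrict nothing."""
    cols = set(parsed_columns)
    return [d["column"] for d in json.loads(security_def) if d["column"] not in cols]

# Constructed sample: parser representation of some columns from the Example.
EXP = "concatenate(customers.name, ', ', customers.contacttitle)"
PARSED = ["customers.CustomerID", "customers.CompanyName",
          "customers.ContactTitle", EXP, "orders.OrderID"]

def make_def(expr_column):
    return json.dumps([
        {"column": "customers.ContactTitle", "security": "",
         "showHide": 'session.var1 = "alpha"'},
        {"column": expr_column, "security": "Sales,Marketing", "showHide": ""},
        {"column": "customers.CompanyName", "security": "Administrator", "showHide": ""},
    ])

GOOD = make_def(EXP)
# Same expression typed with extra spaces: not the parser's representation.
BAD = make_def("concatenate( customers.name , ', ', customers.contacttitle )")

if __name__ == "__main__":
    print(visible_columns(PARSED, BAD, "", lambda expr: False))  # EXP still present
    print(unmatched_entries(PARSED, BAD))
```

Running `unmatched_entries` against the `si.SQLStatement` output for each column before deployment catches entries that would otherwise leave a restricted column in the result set.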