progress dynamics™ 2.1a

© 2003 Progress Software Corporation

Progress Dynamics™ Progress Dynamics™ 2.1A2.1A

Group SecurityCheryl LaBarge, Product Readiness tPC

Neil Bell, Progress Dynamics Development

© 2003 Progress Software Corporation2Sim

plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

AgendaAgenda

Security Review Key Enhancements Guidelines Demonstration Questions and Answers


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Security ReviewSecurity Review

Security Model User Types Structures Allocations Resolution of Model


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Security ModelSecurity Model

90%

10% Access

Restrict

Revoke

Scenario- Application for Subsidiary Offices with access available to the majority of application


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Security ModelSecurity Model

90%

10% Access

Restrict

*Grant10%

90%

Restrict

Access

Revoke

Scenario- Application for vendors to update products available to internal system for ordering


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Security User Types – WHO?Security User Types – WHO?

Users

– Individuals

– Option available to make profile User

User Categories

– Descriptive grouping of users

*Security Groups

– Automatically propagate changes

– Not hierarchical

– Conflicts resolved with least restrictive approach


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Security Structures – WHAT?Security Structures – WHAT?

*Actions Data Ranges Fields Login Companies Default Structures

– Containers

– Data

– Menu Items

– Menu Structures

Containers

Data

Menu Items

Menu Structures


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Security Allocations – HOW?Security Allocations – HOW?

Associate who may use what?– Associate users to

structures

– Define key parameters

– Document the purpose of the association


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Resolving ConflictResolving Conflict

Most specific to least checking1. Specific user, specific login company

2. Specific user, any login company

3. All groups, to which the user belongs– If more than one, it applies cumulative least restrictive

4. Allocations against all users– Within the category,

– Allocation against all users within specific login company

– Allocation against all users within all login companies


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Apply the RulesApply the RulesModel = Revoke

A B C

User

Groups

Maintenance Record – Action - Folder

User – No restriction on the user

1

2

3


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

AgendaAgenda



plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Enhancements - GeneralEnhancements - General

Support for group based security– Default security groups – new users linked

automatically Addition of grant model Improved UI for security leveraging treeview

interface– Security Maintenance

– Security Allocations

– Security Query

– Security Processing


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Secondary FeaturesSecondary Features

Conversion function – user to groups Fully documented API


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Enhancements IssuesEnhancements Issues

11422 - Order of security allocations at runtime 11237 - Consolidated groups 11349 - Group w/out security allocations treated as

consolidated group 11311 - Assigning default groups (check the resolution) 11346 - Overriding group restrictions at the user level 11621 - Data ranges API uses chr(3) delimiter 11975 - Can't set security structures below container level


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

AgendaAgenda



plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

GuidelinesGuidelines

1. Choose model

2. Identify functionality access

3. Consolidate groups

4. Plan default

5. Plan company

6. Plan user

7. Review model for complex overrides

8. Implement security model


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Security DemonstrationSecurity Demonstration

– Outline scenario

– Follow guidelines

– Implement using product


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Case Study ScenarioCase Study Scenario

Sporting Goods application Typical Users

– Admin – all access– Jr. Salesrep

Robert Newman Seth Macabee Nicole Milton

– Sr. Sales Representative Charles Oliver

– All Sales Tom Gun


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Choose a ModelChoose a Model

90%

10% Access

Restrict

*Grant10%

90%

Restrict

Access

Revoke

Scenario- Most user have access to application. Easiest to revoke.


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Replacing a ModelReplacing a Model

Backup your current security work Backup the appropriate tables

GSMFF - Fields

GSMGA - Group Allocations

GSMLG - Login Companies

GSMSS - Security Structures

GSMTO - Actions (Tokens)

GSMUS - Users (and Groups)

Please note that Group Allocation and Users are not exported separately they are combined in the GSMUS export.


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Setting Your Security ModelSetting Your Security Model


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Identify Functionality AccessIdentify Functionality Access

Jr Salesrep– Default group

– Limited access Balance hidden Credit Limit and Discount read-only

Sr Salesrep– Override the default on balance read-only

All Salesrep– Combines both groups with least restrictive result


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Consolidate GroupsConsolidate Groups

Order EntryCustomer Info

All Sales

JR SR


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Plan DefaultPlan Default

Default group – Jr Salesrep

Senior level group with more access– Sr Salesrep


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Plan CompanyPlan Company

Starting small Only our default

company Major concern for

hosted applications that might have multiple vendors sharing the application resources

Third Party Group for new companies

Default

Company

SR JR

All


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Plan UserPlan User

Typical Users– Admin – all access– Jr. Salesrep

Robert Newman Seth Macabee Nicole Milton

– Sr. Sales Representative

Charles Oliver

– All Sales Tom Gun


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Review For OverridesReview For Overrides

You can remove a menu structure for an individual– Nicole Milton

Jr. salesrep– Access to Order

Entry User override

– Restrict Order Entry MenuBand

Menu Band

Restricted


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

User OverridesUser Overrides

Example– Seth Macabee

Jr. Salesrep group member

– Balance field – Hidden

User Override– Balance field –

Full Access

User– Seth Macabee

Jr Sales


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Implement security modelImplement security model

Establish (Maintenance)– Actions– Data ranges– Fields– Login Companies– Security groups– Users

Apply Security (Allocation)– Actions– Containers– Data– Data Ranges– Fields– Login Companies– Menu Items– Menu Structures

Use Enquiry to determine security allocation combinations

If necessary use Security processing to convert User and Profile Users to Groups


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Actions – Order\LinesActions – Order\Lines


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Containers - oeOrderFoldWinContainers - oeOrderFoldWin

RNewman


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Data – 2 Fun to ABC SportsData – 2 Fun to ABC Sports


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Fields– ARMCU Fields– ARMCU

Jr Salesrep– Balance

Hidden

– Credit Limit Read-only

– Discount Read-only


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

No Security AllocationsNo Security Allocations

Data Ranges– Access is all or nothing

Login Companies– Only one company in original model


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Groups – Name field contains GroupGroups – Name field contains Group

Model based– Revoke

– Grant

No Overrides


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

UI Users – Name Field contains userUI Users – Name Field contains user

Regardless of Model Revoke Access Not Secured

Overrides


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Converting Users to a GroupConverting Users to a Group

- Converting a user - All security allocations against the user being

converted from is transferred to the new security group.

- User is linked to the newly created security group, he becomes the first “member”.

- Converting a profile user- Only security allocations common to the profile user

being converted, - All users linked to the profile user will be transferred to

the newly created group. - Any “non common” security allocations are not moved,

and stay assigned directly to the applicable user.


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

DemonstrationDemonstration

Maintenance Allocations Enquiry Processing


plify

you

r bu

sin

ess

Sim

plify

you

r bu

sin

ess

Questions and AnswersQuestions and Answers

Cheryl [email protected]

Documentation– Progress Dynamics

Developer’s Guide Chapter 13– Progress Dynamics

Administration Guide Chapter 3

Specifications– Ntdata\apps\specs\

Dynamics\2.1a\specs\group_based_security_spec.doc

IssueZilla– Search dynamics Security

progress dynamics™ 2.1a

Documents