Upload
bert
View
45
Download
0
Embed Size (px)
DESCRIPTION
Progress Dynamics™ 2.1A. Group Security. Cheryl LaBarge, Product Readiness tPC Neil Bell, Progress Dynamics Development. Agenda. Security Review Key Enhancements Guidelines Demonstration Questions and Answers. Security Review. Security Model User Types Structures Allocations - PowerPoint PPT Presentation
Citation preview
© 2003 Progress Software Corporation
Progress Dynamics™ Progress Dynamics™ 2.1A2.1A
Group SecurityCheryl LaBarge, Product Readiness tPC
Neil Bell, Progress Dynamics Development
© 2003 Progress Software Corporation2Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
AgendaAgenda
Security Review Key Enhancements Guidelines Demonstration Questions and Answers
© 2003 Progress Software Corporation3Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Security ReviewSecurity Review
Security Model User Types Structures Allocations Resolution of Model
© 2003 Progress Software Corporation4Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Security ModelSecurity Model
90%
10% Access
Restrict
Revoke
Scenario- Application for Subsidiary Offices with access available to the majority of application
© 2003 Progress Software Corporation5Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Security ModelSecurity Model
90%
10% Access
Restrict
*Grant10%
90%
Restrict
Access
Revoke
Scenario- Application for vendors to update products available to internal system for ordering
© 2003 Progress Software Corporation6Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Security User Types – WHO?Security User Types – WHO?
Users
– Individuals
– Option available to make profile User
User Categories
– Descriptive grouping of users
*Security Groups
– Automatically propagate changes
– Not hierarchical
– Conflicts resolved with least restrictive approach
© 2003 Progress Software Corporation7Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Security Structures – WHAT?Security Structures – WHAT?
*Actions Data Ranges Fields Login Companies Default Structures
– Containers
– Data
– Menu Items
– Menu Structures
Containers
Data
Menu Items
Menu Structures
© 2003 Progress Software Corporation9Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Security Allocations – HOW?Security Allocations – HOW?
Associate who may use what?– Associate users to
structures
– Define key parameters
– Document the purpose of the association
© 2003 Progress Software Corporation10Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Resolving ConflictResolving Conflict
Most specific to least checking1. Specific user, specific login company
2. Specific user, any login company
3. All groups, to which the user belongs– If more than one, it applies cumulative least restrictive
4. Allocations against all users– Within the category,
– Allocation against all users within specific login company
– Allocation against all users within all login companies
© 2003 Progress Software Corporation11Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Apply the RulesApply the RulesModel = Revoke
A B C
User
Groups
Maintenance Record – Action - Folder
User – No restriction on the user
1
2
3
© 2003 Progress Software Corporation12Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
AgendaAgenda
Security Review Key Enhancements Guidelines Demonstration Questions and Answers
© 2003 Progress Software Corporation13Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Enhancements - GeneralEnhancements - General
Support for group based security– Default security groups – new users linked
automatically Addition of grant model Improved UI for security leveraging treeview
interface– Security Maintenance
– Security Allocations
– Security Query
– Security Processing
© 2003 Progress Software Corporation14Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Secondary FeaturesSecondary Features
Conversion function – user to groups Fully documented API
© 2003 Progress Software Corporation15Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Enhancements IssuesEnhancements Issues
11422 - Order of security allocations at runtime 11237 - Consolidated groups 11349 - Group w/out security allocations treated as
consolidated group 11311 - Assigning default groups (check the resolution) 11346 - Overriding group restrictions at the user level 11621 - Data ranges API uses chr(3) delimiter 11975 - Can't set security structures below container level
© 2003 Progress Software Corporation16Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
AgendaAgenda
Security Review Key Enhancements Guidelines Demonstration Questions and Answers
© 2003 Progress Software Corporation17Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
GuidelinesGuidelines
1. Choose model
2. Identify functionality access
3. Consolidate groups
4. Plan default
5. Plan company
6. Plan user
7. Review model for complex overrides
8. Implement security model
© 2003 Progress Software Corporation18Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Security DemonstrationSecurity Demonstration
– Outline scenario
– Follow guidelines
– Implement using product
© 2003 Progress Software Corporation19Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Case Study ScenarioCase Study Scenario
Sporting Goods application Typical Users
– Admin – all access– Jr. Salesrep
Robert Newman Seth Macabee Nicole Milton
– Sr. Sales Representative Charles Oliver
– All Sales Tom Gun
© 2003 Progress Software Corporation20Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Choose a ModelChoose a Model
90%
10% Access
Restrict
*Grant10%
90%
Restrict
Access
Revoke
Scenario- Most user have access to application. Easiest to revoke.
© 2003 Progress Software Corporation21Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Replacing a ModelReplacing a Model
Backup your current security work Backup the appropriate tables
GSMFF - Fields
GSMGA - Group Allocations
GSMLG - Login Companies
GSMSS - Security Structures
GSMTO - Actions (Tokens)
GSMUS - Users (and Groups)
Please note that Group Allocation and Users are not exported separately they are combined in the GSMUS export.
© 2003 Progress Software Corporation22Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Setting Your Security ModelSetting Your Security Model
© 2003 Progress Software Corporation23Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Identify Functionality AccessIdentify Functionality Access
Jr Salesrep– Default group
– Limited access Balance hidden Credit Limit and Discount read-only
Sr Salesrep– Override the default on balance read-only
All Salesrep– Combines both groups with least restrictive result
© 2003 Progress Software Corporation24Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Consolidate GroupsConsolidate Groups
Order EntryCustomer Info
All Sales
JR SR
© 2003 Progress Software Corporation25Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Plan DefaultPlan Default
Default group – Jr Salesrep
Senior level group with more access– Sr Salesrep
© 2003 Progress Software Corporation26Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Plan CompanyPlan Company
Starting small Only our default
company Major concern for
hosted applications that might have multiple vendors sharing the application resources
Third Party Group for new companies
Default
Company
SR JR
All
© 2003 Progress Software Corporation27Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Plan UserPlan User
Typical Users– Admin – all access– Jr. Salesrep
Robert Newman Seth Macabee Nicole Milton
– Sr. Sales Representative
Charles Oliver
– All Sales Tom Gun
© 2003 Progress Software Corporation28Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Review For OverridesReview For Overrides
You can remove a menu structure for an individual– Nicole Milton
Jr. salesrep– Access to Order
Entry User override
– Restrict Order Entry MenuBand
Menu Band
Restricted
© 2003 Progress Software Corporation29Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
User OverridesUser Overrides
Example– Seth Macabee
Jr. Salesrep group member
– Balance field – Hidden
User Override– Balance field –
Full Access
User– Seth Macabee
Jr Sales
© 2003 Progress Software Corporation30Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Implement security modelImplement security model
Establish (Maintenance)– Actions– Data ranges– Fields– Login Companies– Security groups– Users
Apply Security (Allocation)– Actions– Containers– Data– Data Ranges– Fields– Login Companies– Menu Items– Menu Structures
Use Enquiry to determine security allocation combinations
If necessary use Security processing to convert User and Profile Users to Groups
© 2003 Progress Software Corporation31Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Actions – Order\LinesActions – Order\Lines
© 2003 Progress Software Corporation32Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Containers - oeOrderFoldWinContainers - oeOrderFoldWin
RNewman
© 2003 Progress Software Corporation33Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Data – 2 Fun to ABC SportsData – 2 Fun to ABC Sports
© 2003 Progress Software Corporation34Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Fields– ARMCU Fields– ARMCU
Jr Salesrep– Balance
Hidden
– Credit Limit Read-only
– Discount Read-only
© 2003 Progress Software Corporation35Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
No Security AllocationsNo Security Allocations
Data Ranges– Access is all or nothing
Login Companies– Only one company in original model
© 2003 Progress Software Corporation36Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Groups – Name field contains GroupGroups – Name field contains Group
Model based– Revoke
– Grant
No Overrides
© 2003 Progress Software Corporation37Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
UI Users – Name Field contains userUI Users – Name Field contains user
Regardless of Model Revoke Access Not Secured
Overrides
© 2003 Progress Software Corporation38Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Converting Users to a GroupConverting Users to a Group
- Converting a user - All security allocations against the user being
converted from is transferred to the new security group.
- User is linked to the newly created security group, he becomes the first “member”.
- Converting a profile user- Only security allocations common to the profile user
being converted, - All users linked to the profile user will be transferred to
the newly created group. - Any “non common” security allocations are not moved,
and stay assigned directly to the applicable user.
© 2003 Progress Software Corporation39Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
DemonstrationDemonstration
Maintenance Allocations Enquiry Processing
© 2003 Progress Software Corporation40Sim
plify
you
r bu
sin
ess
Sim
plify
you
r bu
sin
ess
Questions and AnswersQuestions and Answers
Cheryl [email protected]
Documentation– Progress Dynamics
Developer’s Guide Chapter 13– Progress Dynamics
Administration Guide Chapter 3
Specifications– Ntdata\apps\specs\
Dynamics\2.1a\specs\group_based_security_spec.doc
IssueZilla– Search dynamics Security