Tips & Tricks - Rights-dependent display of data records

This workshop shows you how data records can be displayed based on permissions. Sound Intrexx and SQL skills are required. Activate the expert options so that all dialogs mentioned in this example are accessible. INTREXX GmbH provides no support and accepts no liability for errors resulting from incorrect implementation.

A common method of implementing access authorization for individual records is to add a text data field to the data group that contains the records to which access should be restricted, and then to assign user objects to this field using a distribution control.

In a view table within an application, a filter is then defined that compares the currently logged-in user with the user objects saved in the text data field and checks whether this user is allowed to read the record. This type of filtering achieves the desired result for this use case, but it is not recommended in terms of performance. Especially in portals with a large number of users and groups, it may lead to very long loading times, among other things.

Performance can be improved by carrying out a comparison with values in child data groups. In this case, authorized user objects are saved in a child data group and assigned via a foreign key filter with a subselect.

The "Multiple selection" element is used for this on any input page in the data group for which access authorizations are to be set. In the properties dialog of the multiple selection on the "Data source" tab, select the "Distributor selection" option.

On the "Storage options" tab, select the "Data group" option. Click on "Create new child data group" to create a new subordinate data group. This data group is automatically given the name "Values distribution control". Three data fields are also created automatically:

  • PK - Primary key: The unique key of the new data group.

  • FK - Foreign key: Corresponds to the primary key of the superordinate data record for which an authorization is to be saved.

  • Distributor - Saved value: The user object selected by the user in the distributor selection in the browser is saved in this data field. If several objects are selected, a corresponding number of data records are created in the child data group.

Now, the filter XML of the desired view table needs to be modified.

Switch to the page that contains the table to be filtered and open the properties of the table. On the "Data" tab, click on "Filter" and then on "Edit filter in Expert mode".

    <filter guid="EFC6F080E119E0D3AD5B8C9E0458EDE8054AFA0A">
        <exp op="" type="in">
            <arg content="GUID_1" type="fieldguid"/>
            <arg type="statement">
                <select content="GUID_2" type="tableguid">
                    <field content="GUID_3" type="fieldguid"/>
                    <conc op="and">
                        <exp op="" type="in">
                            <arg content="GUID_4" type="fieldguid"/>
                            <arg content="orgstruct" type="userattribute"/>
                        </exp>
                    </conc>
                </select>
            </arg>
        </exp>
    </filter>

A <filter> element is already defined when the editor is opened. Keep this element and remove the closing symbol / at the end of it. Then insert the remaining script above without its first line. Replace the following values:

  • GUID_1: GUID of the primary key data field of the parent data group

  • GUID_2: GUID of the child data group "Values distribution control"

  • GUID_3: GUID of the foreign key data field of the child data group

  • GUID_4: GUID of the data field "Distributor" of the child data group

After saving the application, you can test the application in the browser by creating different records with different users and then logging in to the portal accordingly.
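
The relational logic that the filter above expresses, modeled in SQLite as an added example (this is not Intrexx code and not the SQL that Intrexx generates). The table, column and object names are hypothetical, and the example assumes that the "orgstruct" user attribute resolves to the set of identifiers for the logged-in user and the groups it belongs to. It also shows that a record without any entry in the child data group is hidden from every user.

```python
import sqlite3

# Constructed sample data. All table, column and object names are hypothetical;
# the comments map them to the GUID placeholders used in the filter XML.
SCHEMA = """
CREATE TABLE parent (pk INTEGER PRIMARY KEY, title TEXT);   -- pk          = GUID_1
CREATE TABLE values_distribution (                           -- table       = GUID_2
    pk INTEGER PRIMARY KEY,
    fk INTEGER NOT NULL REFERENCES parent(pk),               -- fk          = GUID_3
    distributor TEXT NOT NULL                                -- distributor = GUID_4
);
INSERT INTO parent VALUES (1, 'Budget'), (2, 'Roadmap'), (3, 'Unassigned');
INSERT INTO values_distribution (fk, distributor) VALUES
    (1, 'user-alice'), (1, 'group-finance'), (2, 'group-dev');
"""


def open_sample_db():
    """Create the in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def visible_records(conn, orgstruct):
    """Titles of parent records that the given set of user objects may read.

    `orgstruct` stands in for the userattribute of the same name (assumption:
    the identifiers of the user and of every group the user is a member of).
    """
    if not orgstruct:
        return []  # no user objects, so nothing can match the inner IN
    marks = ",".join("?" * len(orgstruct))  # bound parameters, no string concatenation
    sql = (
        "SELECT title FROM parent WHERE pk IN ("             # outer <exp type="in">
        "  SELECT fk FROM values_distribution"               # <select> / <field>
        f"  WHERE distributor IN ({marks})) ORDER BY pk"     # inner <exp type="in">
    )
    return [row[0] for row in conn.execute(sql, list(orgstruct))]


if __name__ == "__main__":
    db = open_sample_db()
    for name, objs in [("alice", ["user-alice", "group-dev"]),
                       ("bob", ["user-bob", "group-finance"]),
                       ("carol", ["user-carol"])]:
        print(name, visible_records(db, objs))
```

Record 3 has no rows in the child table, so no user sees it until at least one user object is assigned to it.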