Focal Point Banner
Community Center Education Summit Technical Support User Groups
Let's Get Social!

Facebook Twitter LinkedIn YouTube
Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SOLVED] Securing MFD/Master Files
Go
New
Search
Notify
Tools
Reply
  
[SOLVED] Securing MFD/Master Files
 Login/Join
 
Master
posted
I know there's got to be an easy way to do this, could someone just point me in the right direction? I've spent a few hours trying to track this down, but I ran across a line in the 'Describing Data with the WebFocus Language' that makes me think that what I want to do is not so common/easy (Setting the DBA password in the Site.wfs and later specifying it in the FEX using the master file). This is less than ideal, since user's A, B, and C are using the same fexs that the 'good' user will be -- I need it to be user/role based, not password based).

Basically, I have a master file (source is Oracle) with some sensitive fields (Salary, etc) that I want some people to see and most not. A CAR representation of this might be thought of like this (except CAR is Focus based and my source is Oracle, and the 'Salary' field represents a 'secret' field):

FILENAME=testcar, SUFFIX=EDA     , $
  SEGMENT=CAR, SEGTYPE=S0, $
    FIELDNAME=SALARY, ALIAS=MODEL, USAGE=A24, ACTUAL=A24, $
    FIELDNAME=COUNTRY, ALIAS=COUNTRY, USAGE=A10, ACTUAL=A10, $
    FIELDNAME=CAR, ALIAS=CAR, USAGE=A16, ACTUAL=A16, $
    FIELDNAME=MODEL, ALIAS=MODEL, USAGE=A24, ACTUAL=A24, $
    FIELDNAME=BODYTYPE, ALIAS=BODYTYPE, USAGE=A12, ACTUAL=A12, $
    FIELDNAME=WARRANTY, ALIAS=WARRANTY, USAGE=A40, ACTUAL=A40, $
    FIELDNAME=STANDARD, ALIAS=STANDARD, USAGE=A40, ACTUAL=A40, $
    FIELDNAME=SEATS, ALIAS=SEATS, USAGE=I3, ACTUAL=I4, $
    FIELDNAME=DEALER_COST, ALIAS=DEALER_COST, USAGE=D7, ACTUAL=D8, $
    FIELDNAME=RETAIL_COST, ALIAS=RETAIL_COST, USAGE=D7, ACTUAL=D8, $
    FIELDNAME=SALES, ALIAS=SALES, USAGE=I6, ACTUAL=I4, $
    FIELDNAME=LENGTH, ALIAS=LENGTH, USAGE=D5, ACTUAL=D8, $
    FIELDNAME=WIDTH, ALIAS=WIDTH, USAGE=D5, ACTUAL=D8, $
    FIELDNAME=HEIGHT, ALIAS=HEIGHT, USAGE=D5, ACTUAL=D8, $
    FIELDNAME=WEIGHT, ALIAS=WEIGHT, USAGE=D6, ACTUAL=D8, $
    FIELDNAME=WHEELBASE, ALIAS=WHEELBASE, USAGE=D6.1, ACTUAL=D8, $
    FIELDNAME=FUEL_CAP, ALIAS=FUEL_CAP, USAGE=D6.1, ACTUAL=D8, $
    FIELDNAME=BHP, ALIAS=BHP, USAGE=D6, ACTUAL=D8, $
    FIELDNAME=RPM, ALIAS=RPM, USAGE=I5, ACTUAL=I4, $
    FIELDNAME=MPG, ALIAS=MPG, USAGE=D6, ACTUAL=D8, $
    FIELDNAME=ACCEL, ALIAS=ACCEL, USAGE=D6, ACTUAL=D8, $


What I'd like to do is specify that user A, B, and C can get results for all fields in the table, but all other users get Missing, or blank or 0 or something else. Ideally, there will be no code changes to the FEXs that call this master file.

My gut says that something like this should work, but doesn't.

 
FILENAME=testcar, SUFFIX=EDA     , $
  SEGMENT=CAR, SEGTYPE=S0, $
 
-IF IBIMR_user NE 'Me' GOTO SKIPSALARY;
    FIELDNAME=SALARY, ALIAS=MODEL, USAGE=A24, ACTUAL=A24, $
-SKIPSALARY

    FIELDNAME=COUNTRY, ALIAS=COUNTRY, USAGE=A10, ACTUAL=A10, $
    FIELDNAME=CAR, ALIAS=CAR, USAGE=A16, ACTUAL=A16, $
    FIELDNAME=MODEL, ALIAS=MODEL, USAGE=A24, ACTUAL=A24, $
....


Any ideas?

-ABT

This message has been edited. Last edited by: Kerry,


------------------------------------
WF Environment:
------------------------------------
Server/Client, ReportCaster, Dev Studio: 7.6.11
Resource Analyzer, Resource Governor, Library, Maintain, InfoAssist
OS: Windows Server 2003
Application/Web Server: Tomcat 5.5.25
Java: JDK 1.6.0_03
Authentication: LDAP, MRREALM Driver
Output: PDF, EXL2K, HTM

------------------------------------
Databases:
------------------------------------
Oracle 10g
DB2 (AS/400)
MSSQL Server 2005
Access/FoxPro
 
Posts: 561 | Registered: February 03, 2010Reply With QuoteReport This Post
Virtuoso
posted Hide Post
You can not do it this way.
You should look in the documentation

An other solution is to solf this in the reports




Frank

prod: WF 7.6.10 platform Windows,
databases: msSQL2000, msSQL2005, RMS, Oracle, Sybase,IE7
test: WF 7.6.10 on the same platform and databases,IE7

 
Posts: 2387 | Location: Amsterdam, the Netherlands | Registered: December 03, 2006Reply With QuoteReport This Post
Virtuoso
posted Hide Post
How about creating the master wholly on the fly.

Using _site_profile say, issue a FILEDEF for the master and then -WRITE the complete MFD, using real or DEFINEd fields where approriate.
APP FI master DISK testcar.mas
-RUN
-WRITE master FILENAME=testcar, SUFFIX=EDA     , $
-WRITE master  SEGMENT=CAR, SEGTYPE=S0, $
-WRITE master    FIELDNAME=SALARY, ALIAS=MODEL, USAGE=A24, ACTUAL=A24, $
.
.
-SET &DEFSAL = IF IBIMR_user NE 'Me' THEN 'DEFINE SALARY/A24 = ''' ''';,$' ELSE ' ';
-IF IBIMR_user NE 'Me' GOTO SKIPSALARY;
-WRITE master    FIELDNAME=SALARY, ALIAS=MODEL, USAGE=A24, ACTUAL=A24, $
-SKIPSALARY
.
.
-WRITE master &DEFSAL 

or something along those lines.

Not actually had chance to test, so this is off the top of my head, but should be okay!


Alan.
WF 7.705/8.007
 
Posts: 1451 | Location: Portugal | Registered: February 07, 2007Reply With QuoteReport This Post
Virtuoso
posted Hide Post
Maybe the DBA security in the master file is something for you? You can find it in the manual Describing Data with WebFOCUS, chapter 10.


GamP

- Using AS 8.2.01 on Windows 7 - IE11.
in Focus since 1988
 
Posts: 1960 | Location: Netherlands | Registered: September 25, 2007Reply With QuoteReport This Post
Master
posted Hide Post
Kudos to Alan for getting the closest to what I was originally describing.

I ended up going with the DBA security, though because I there was a key portion of the equation missing. The 'Defining Data...' manual failed to mention that the user ID could be set/interpreted via the 'IBIF_dbapass_src' option in site.wfs. Based on the options I saw in the manual, I was under the impression that the user had to be set as 'SET USER = user1' or 'Set Pass = Password' which was inadequate for what I am trying to achieve. After setiing to MR ID, I get the desired effect.

Now, I have one last question. My circumstance is that I have an admin account that needs to access the 'sensitive' data, all others are to just see nothing. Seems like I need a facility to indicate all other users (*, ALL, etc). We have hundreds of users that I don't want to list individually. Any ideas?

  
FILENAME=TEST_TABLE, SUFFIX=SQLMSS  , $                   
  SEGMENT=TEST_TABLE, SEGTYPE=S0, $                                   
    FIELDNAME=EVENTID, ALIAS=EventID, USAGE=I11, ACTUAL=I4, FIELDTYPE=R, $      
    FIELDNAME=EVENTTIME, ALIAS=EventTIme, USAGE=HYYMDs, ACTUAL=HYYMDs,          
      MISSING=ON, $                                                             
    FIELDNAME=EVENTTYPE, ALIAS=EventType, USAGE=A10, ACTUAL=A10,                
      MISSING=ON, $                                                             
    FIELDNAME=USERID, ALIAS=UserID, USAGE=A10, ACTUAL=A10,                      
      MISSING=ON, $                                                             
    FIELDNAME=REPORTID, ALIAS=ReportID, USAGE=A8, ACTUAL=A8,                    
      MISSING=ON, $                                                             
    FIELDNAME=REPORTDATE, ALIAS=ReportDate, USAGE=A10, ACTUAL=A10,              
      MISSING=ON, $                                                             
    FIELDNAME=GROUPID, ALIAS=GroupID, USAGE=A10, ACTUAL=A10,                    
      MISSING=ON, $                                                             
    FIELDNAME=UNIQUEID, ALIAS=UniqueID, USAGE=A10, ACTUAL=A10,                  
      MISSING=ON, $                                                             
    FIELDNAME=FLAG1, ALIAS=Flag1, USAGE=A1, ACTUAL=A1,
      MISSING=ON, $
    FIELDNAME=FLAG2, ALIAS=Flag2, USAGE=A1, ACTUAL=A1,
      MISSING=ON, $
    FIELDNAME=FLAG3, ALIAS=Flag3, USAGE=A1, ACTUAL=A1,
      MISSING=ON, $
    FIELDNAME=FLAG4, ALIAS=Flag4, USAGE=A1, ACTUAL=A1,
      MISSING=ON, $
END                                                                             
DBA=password, $          
                                                       
USER=EVERYONE, ACCESS=RW, $       
 ACCESS=R, RESTRICT=NOPRINT, NAME=Flag1, $
 ACCESS=R, RESTRICT=NOPRINT, NAME=Flag2, $
 ACCESS=R, RESTRICT=NOPRINT, NAME=Flag3, $
 ACCESS=R, RESTRICT=NOPRINT, NAME=Flag4, $               

USER=ADMIN, ACCESS=RW, $


------------------------------------
WF Environment:
------------------------------------
Server/Client, ReportCaster, Dev Studio: 7.6.11
Resource Analyzer, Resource Governor, Library, Maintain, InfoAssist
OS: Windows Server 2003
Application/Web Server: Tomcat 5.5.25
Java: JDK 1.6.0_03
Authentication: LDAP, MRREALM Driver
Output: PDF, EXL2K, HTM

------------------------------------
Databases:
------------------------------------
Oracle 10g
DB2 (AS/400)
MSSQL Server 2005
Access/FoxPro
 
Posts: 561 | Registered: February 03, 2010Reply With QuoteReport This Post
  Powered by Social Strata  
 

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SOLVED] Securing MFD/Master Files

Copyright © 1996-2018 Information Builders, leaders in enterprise business intelligence.