Focal Point
[SOLVED] Securing MFD/Master Files

This topic can be found at:
http://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/691105525

September 10, 2010, 04:14 PM
ABT
[SOLVED] Securing MFD/Master Files
I know there's got to be an easy way to do this, could someone just point me in the right direction? I've spent a few hours trying to track this down, but I ran across a line in the 'Describing Data with the WebFocus Language' that makes me think that what I want to do is not so common/easy (Setting the DBA password in the Site.wfs and later specifying it in the FEX using the master file). This is less than ideal, since user's A, B, and C are using the same fexs that the 'good' user will be -- I need it to be user/role based, not password based).

Basically, I have a master file (source is Oracle) with some sensitive fields (Salary, etc) that I want some people to see and most not. A CAR representation of this might be thought of like this (except CAR is Focus based and my source is Oracle, and the 'Salary' field represents a 'secret' field):

FILENAME=testcar, SUFFIX=EDA     , $
  SEGMENT=CAR, SEGTYPE=S0, $
    FIELDNAME=SALARY, ALIAS=MODEL, USAGE=A24, ACTUAL=A24, $
    FIELDNAME=COUNTRY, ALIAS=COUNTRY, USAGE=A10, ACTUAL=A10, $
    FIELDNAME=CAR, ALIAS=CAR, USAGE=A16, ACTUAL=A16, $
    FIELDNAME=MODEL, ALIAS=MODEL, USAGE=A24, ACTUAL=A24, $
    FIELDNAME=BODYTYPE, ALIAS=BODYTYPE, USAGE=A12, ACTUAL=A12, $
    FIELDNAME=WARRANTY, ALIAS=WARRANTY, USAGE=A40, ACTUAL=A40, $
    FIELDNAME=STANDARD, ALIAS=STANDARD, USAGE=A40, ACTUAL=A40, $
    FIELDNAME=SEATS, ALIAS=SEATS, USAGE=I3, ACTUAL=I4, $
    FIELDNAME=DEALER_COST, ALIAS=DEALER_COST, USAGE=D7, ACTUAL=D8, $
    FIELDNAME=RETAIL_COST, ALIAS=RETAIL_COST, USAGE=D7, ACTUAL=D8, $
    FIELDNAME=SALES, ALIAS=SALES, USAGE=I6, ACTUAL=I4, $
    FIELDNAME=LENGTH, ALIAS=LENGTH, USAGE=D5, ACTUAL=D8, $
    FIELDNAME=WIDTH, ALIAS=WIDTH, USAGE=D5, ACTUAL=D8, $
    FIELDNAME=HEIGHT, ALIAS=HEIGHT, USAGE=D5, ACTUAL=D8, $
    FIELDNAME=WEIGHT, ALIAS=WEIGHT, USAGE=D6, ACTUAL=D8, $
    FIELDNAME=WHEELBASE, ALIAS=WHEELBASE, USAGE=D6.1, ACTUAL=D8, $
    FIELDNAME=FUEL_CAP, ALIAS=FUEL_CAP, USAGE=D6.1, ACTUAL=D8, $
    FIELDNAME=BHP, ALIAS=BHP, USAGE=D6, ACTUAL=D8, $
    FIELDNAME=RPM, ALIAS=RPM, USAGE=I5, ACTUAL=I4, $
    FIELDNAME=MPG, ALIAS=MPG, USAGE=D6, ACTUAL=D8, $
    FIELDNAME=ACCEL, ALIAS=ACCEL, USAGE=D6, ACTUAL=D8, $


What I'd like to do is specify that user A, B, and C can get results for all fields in the table, but all other users get Missing, or blank or 0 or something else. Ideally, there will be no code changes to the FEXs that call this master file.

My gut says that something like this should work, but doesn't.

 
FILENAME=testcar, SUFFIX=EDA     , $
  SEGMENT=CAR, SEGTYPE=S0, $
 
-IF IBIMR_user NE 'Me' GOTO SKIPSALARY;
    FIELDNAME=SALARY, ALIAS=MODEL, USAGE=A24, ACTUAL=A24, $
-SKIPSALARY

    FIELDNAME=COUNTRY, ALIAS=COUNTRY, USAGE=A10, ACTUAL=A10, $
    FIELDNAME=CAR, ALIAS=CAR, USAGE=A16, ACTUAL=A16, $
    FIELDNAME=MODEL, ALIAS=MODEL, USAGE=A24, ACTUAL=A24, $
....


Any ideas?

-ABT

This message has been edited. Last edited by: Kerry,


------------------------------------
WF Environment:
------------------------------------
Server/Client, ReportCaster, Dev Studio: 7.6.11
Resource Analyzer, Resource Governor, Library, Maintain, InfoAssist
OS: Windows Server 2003
Application/Web Server: Tomcat 5.5.25
Java: JDK 1.6.0_03
Authentication: LDAP, MRREALM Driver
Output: PDF, EXL2K, HTM

------------------------------------
Databases:
------------------------------------
Oracle 10g
DB2 (AS/400)
MSSQL Server 2005
Access/FoxPro
September 10, 2010, 05:23 PM
FrankDutch
You can not do it this way.
You should look in the documentation

An other solution is to solf this in the reports




Frank

prod: WF 7.6.10 platform Windows,
databases: msSQL2000, msSQL2005, RMS, Oracle, Sybase,IE7
test: WF 7.6.10 on the same platform and databases,IE7

September 13, 2010, 03:12 AM
Alan B
How about creating the master wholly on the fly.

Using _site_profile say, issue a FILEDEF for the master and then -WRITE the complete MFD, using real or DEFINEd fields where approriate.
APP FI master DISK testcar.mas
-RUN
-WRITE master FILENAME=testcar, SUFFIX=EDA     , $
-WRITE master  SEGMENT=CAR, SEGTYPE=S0, $
-WRITE master    FIELDNAME=SALARY, ALIAS=MODEL, USAGE=A24, ACTUAL=A24, $
.
.
-SET &DEFSAL = IF IBIMR_user NE 'Me' THEN 'DEFINE SALARY/A24 = ''' ''';,$' ELSE ' ';
-IF IBIMR_user NE 'Me' GOTO SKIPSALARY;
-WRITE master    FIELDNAME=SALARY, ALIAS=MODEL, USAGE=A24, ACTUAL=A24, $
-SKIPSALARY
.
.
-WRITE master &DEFSAL 

or something along those lines.

Not actually had chance to test, so this is off the top of my head, but should be okay!


Alan.
WF 7.705/8.007
September 13, 2010, 05:10 AM
GamP
Maybe the DBA security in the master file is something for you? You can find it in the manual Describing Data with WebFOCUS, chapter 10.


GamP

- Using AS 8.2.01 on Windows 7 - IE11.
in Focus since 1988
September 13, 2010, 04:09 PM
ABT
Kudos to Alan for getting the closest to what I was originally describing.

I ended up going with the DBA security, though because I there was a key portion of the equation missing. The 'Defining Data...' manual failed to mention that the user ID could be set/interpreted via the 'IBIF_dbapass_src' option in site.wfs. Based on the options I saw in the manual, I was under the impression that the user had to be set as 'SET USER = user1' or 'Set Pass = Password' which was inadequate for what I am trying to achieve. After setiing to MR ID, I get the desired effect.

Now, I have one last question. My circumstance is that I have an admin account that needs to access the 'sensitive' data, all others are to just see nothing. Seems like I need a facility to indicate all other users (*, ALL, etc). We have hundreds of users that I don't want to list individually. Any ideas?

  
FILENAME=TEST_TABLE, SUFFIX=SQLMSS  , $                   
  SEGMENT=TEST_TABLE, SEGTYPE=S0, $                                   
    FIELDNAME=EVENTID, ALIAS=EventID, USAGE=I11, ACTUAL=I4, FIELDTYPE=R, $      
    FIELDNAME=EVENTTIME, ALIAS=EventTIme, USAGE=HYYMDs, ACTUAL=HYYMDs,          
      MISSING=ON, $                                                             
    FIELDNAME=EVENTTYPE, ALIAS=EventType, USAGE=A10, ACTUAL=A10,                
      MISSING=ON, $                                                             
    FIELDNAME=USERID, ALIAS=UserID, USAGE=A10, ACTUAL=A10,                      
      MISSING=ON, $                                                             
    FIELDNAME=REPORTID, ALIAS=ReportID, USAGE=A8, ACTUAL=A8,                    
      MISSING=ON, $                                                             
    FIELDNAME=REPORTDATE, ALIAS=ReportDate, USAGE=A10, ACTUAL=A10,              
      MISSING=ON, $                                                             
    FIELDNAME=GROUPID, ALIAS=GroupID, USAGE=A10, ACTUAL=A10,                    
      MISSING=ON, $                                                             
    FIELDNAME=UNIQUEID, ALIAS=UniqueID, USAGE=A10, ACTUAL=A10,                  
      MISSING=ON, $                                                             
    FIELDNAME=FLAG1, ALIAS=Flag1, USAGE=A1, ACTUAL=A1,
      MISSING=ON, $
    FIELDNAME=FLAG2, ALIAS=Flag2, USAGE=A1, ACTUAL=A1,
      MISSING=ON, $
    FIELDNAME=FLAG3, ALIAS=Flag3, USAGE=A1, ACTUAL=A1,
      MISSING=ON, $
    FIELDNAME=FLAG4, ALIAS=Flag4, USAGE=A1, ACTUAL=A1,
      MISSING=ON, $
END                                                                             
DBA=password, $          
                                                       
USER=EVERYONE, ACCESS=RW, $       
 ACCESS=R, RESTRICT=NOPRINT, NAME=Flag1, $
 ACCESS=R, RESTRICT=NOPRINT, NAME=Flag2, $
 ACCESS=R, RESTRICT=NOPRINT, NAME=Flag3, $
 ACCESS=R, RESTRICT=NOPRINT, NAME=Flag4, $               

USER=ADMIN, ACCESS=RW, $



------------------------------------
WF Environment:
------------------------------------
Server/Client, ReportCaster, Dev Studio: 7.6.11
Resource Analyzer, Resource Governor, Library, Maintain, InfoAssist
OS: Windows Server 2003
Application/Web Server: Tomcat 5.5.25
Java: JDK 1.6.0_03
Authentication: LDAP, MRREALM Driver
Output: PDF, EXL2K, HTM

------------------------------------
Databases:
------------------------------------
Oracle 10g
DB2 (AS/400)
MSSQL Server 2005
Access/FoxPro