Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     Focexec/Master Security Question

Read-Only Read-Only Topic
Go
Search
Notify
Tools
Focexec/Master Security Question
 Login/Join
 
Gold member
posted
Hello,
We are locking our masters at the folder level based on subject area. For example: we may have master folders that are named Sales, Billing, Shipments and Invoicing. What we would like to do is when a user runs a Focexec; we need to determine that the user has access to all the masters in Focexec. In other words, is there a way to check user folder access for all masters at the time a Focexec is executed?
I know I can add code at the beginning of the Focexec, something like:
TABLE FILE BILLING
PRINT *
IF RECORDLIMIT EQ 1;
END
-IF &LINES EQ 0 GOTO NO_ACCESS_MESSAGE;
-RUN
TABLE FILE SHIPMENTS
PRINT *
IF RECORDLIMIT EQ 1;
END
-IF &LINES EQ 0 GOTO NO_ACCESS_MESSAGE;

This approach will take a very long time to complete since we have 4000 Focexecs. Does anyone know how to achieve this dynamically at runtime….possibly using the same –INCLUDE for all Focexec?
Thanks for your help


8.0.9, Windows
excel / pdf
 
Posts: 89 | Registered: October 21, 2010Report This Post
Member
posted Hide Post
You could probably query SYSTABLE to do this quickly in one step.

TABLE FILE SYSTABLE
PRINT NAME
WHERE NAME EQ 'billing' OR 'shipments'
END
-RUN
-IF &LINES NE 2 THEN GOTO NO_ACCESS_MESSAGE;


WebFOCUS 8.1.04; SQL Server 2012; Windows 7; Windows Server 2012 R2;
 
Posts: 26 | Registered: November 21, 2005Report This Post
Gold member
posted Hide Post
Hi Rob
Thanks for your response.
When I run your code that just displays the focexec name ...I am looking for the folder names on the app server. I need to see if the users role has access to the folders that contain the masters that the focexec is executing against. Do you know if there is a system table for that? Thanks


8.0.9, Windows
excel / pdf
 
Posts: 89 | Registered: October 21, 2010Report This Post
Virtuoso
posted Hide Post
I don't quite get what you mean by "We are locking our masters at the folder level".
What are "folders"? Are they apps? are they folders with an app?


Daniel
In Focus since 1982
wf 8.202M/Win10/IIS/SSA - WrapApp Front End for WF

 
Posts: 1980 | Location: Tel Aviv, Israel | Registered: March 23, 2006Report This Post
Gold member
posted Hide Post
Hi Daniel,
On the app server we currently have folders that are named by the source system. For example SQL, SAP, B, etc.. what we plan to do is change the folder names to subject area names such as " Sales, Credit, Finance etc..and but the appropriate master in each new folder. I want to be able to include code at the beginning of every focexec that checks to see if the user has access to the masters in the focexec that reside in one of the subject area app folders. For example, if a user runs a focexec that has masters in both sales and billing subject area folders, at the top of the focexec I add code that runs a table file request for the billing and sales masters with a print * for one record. If the result returns zero records for one of the masters then I know the user does not have access to that subject area folder on the app server and the focexec sends a message to the user saying contact the webfocus team for access. Some of our focexecs have masters in multiple subject areas “cross functional” and if the focexec has 15 masters and runs for 4 hours we want to make sure the user has access at the start of the focexec prior to running for hours and then failing on the one master they do not have access for. We are using active directory to validate the users access. I am trying to find the best way to authenticate the user with minimal maintenance. Does this make sense now? Thanks for your help.


8.0.9, Windows
excel / pdf
 
Posts: 89 | Registered: October 21, 2010Report This Post
Virtuoso
posted Hide Post
I think this is an 'It depends' question.

As a starting point I would use _site_profile and XRETRIEVAL=OFF to run the called focexec. This would error if an MFD was not found, without retrieving any records. However if the code relies on &LINES being > 0 at any point, then this compromises this approach.


Alan.
WF 7.705/8.007
 
Posts: 1451 | Location: Portugal | Registered: February 07, 2007Report This Post
Gold member
posted Hide Post
Hi Alan,
so adding "SET XRETRIEVAL=OFF" at the top of each focexec will check the entie focexec prior to running to see if the master exists before running the focexec? so if the user does not have access to the subject area folder on the app server that contains a master within the focexec they are executing it shoiuld fail imediately? if this is the case, this would work for us. Thanks


8.0.9, Windows
excel / pdf
 
Posts: 89 | Registered: October 21, 2010Report This Post
Virtuoso
posted Hide Post
XRETRIEVAL=OFF will run the focexec, and submit TABLE requests, but retrieve no records. Basically it allows a syntax check.


Alan.
WF 7.705/8.007
 
Posts: 1451 | Location: Portugal | Registered: February 07, 2007Report This Post
Gold member
posted Hide Post
Thanks Alan,
I also added this at the bottom of the focexec...seems to be exactly what we are looking for.

-IF &FOCERRNUM NE 0 THEN :ERR;
-RUN
-:ERR
-HTMLFORM BEGIN
<script>
var alertval = 'ERROR: You do not have access to a Subject Area. Please enter a HelpDesk tickect for the WebFocus Team.';
alert(alertval);

-HTMLFORM END
-RUN
-EXIT


8.0.9, Windows
excel / pdf
 
Posts: 89 | Registered: October 21, 2010Report This Post
Virtuoso
posted Hide Post
quote:
Originally posted by MMcDonald:
...
This approach will take a very long time to complete since we have 4000 Focexecs. Does anyone know how to achieve this dynamically at runtime….possibly using the same –INCLUDE for all Focexec?



I think your best solution lies in creating a data source that lists all the synonyms required my each of your ~4000 focexecs.

Then a common routine to verify accessibility of the synonyms (given the focexec name) can be constructed, and a reference inserted at the top of each focexec.

If you need more help with the details, give a shout.


- Jack Gross
WF through 8.1.05
 
Posts: 1925 | Location: NYC | In FOCUS since 1983 | Registered: January 11, 2005Report This Post
Gold member
posted Hide Post
Hi Jack
If you would be so kind to give me a small example I would appreciate it. Thanks


8.0.9, Windows
excel / pdf
 
Posts: 89 | Registered: October 21, 2010Report This Post
Virtuoso
posted Hide Post
The called routine might look like this:
-* common/checkmfds.fex
-DEFAULTH &Fex='[unspecified]';
  TABLEF FILE common/fex_mfd_list
  PRINT
    FEX AS _FEX
    MFD AS _SYNONYM
  WHERE FEX EQ '&Fex';
  ON TABLE HOLD AS HOLDMFDLIST
  END
-RUN
-SET &n=0+&LINES;
-* check whether the fex is registered...
-IF &n EQ 0 THEN GOTO chk.ERR1;

-* check accessibility of each synonym the fex may require...
-REPEAT chk.LOOP &n TIMES ;
-READFILE HOLDMFDLIST
-? &_
CHECK FILE &_SYNONYM
-RUN
-IF &RECORDS EQ 0 THEN GOTO chk.ERR2 ;
-chk.LOOP
-* all is well
-GOTO chk.DONE

-chk.ERR1
-HTMLFORM BEGIN
<script>
alert( '[unknown program "&Fex"]' );
</script>
-HTMLFORM END
-EXIT

-chk.ERR2
-HTMLFORM BEGIN
<script>
alert( '[ data source "&_SYNONYM", required by program "&_FEX", is inaccessible]' );
</script>
-HTMLFORM END
-EXIT

-chk.DONE


NOTE: This is untested code.

The references to amper variable in the -HTMLFORM blocks may need to be recoded using !IBI notation.

After execution of CHECK FILE, &LINES and &RECORDS reflect the number of columns and segments declared in the MFD, and are set to zero if the MFD file is cannot be opened opened and successfully parsed

Note that, per your requirement, this only verifies that the MFD file is in an accessible APP folder -- not that the user can successfully access the underlying data.


The preface code to be inserted at top of the report fex files would be:
-SET &Fex='whatever';
-MRNOEDIT -INCLUDE common/checkmfds.fex

(omit "-MRNOEDIT" if the focexec file into which these lines are inserted is stored on the server)

Of course you need to define your fex_mfd_list table, and create and load it appropriately. In doing so, the MFD list for a "main" routine should cover its direct and indirect needs (i.e., synonyms it references, and any others referenced in any files it -INCLUDEs).

This message has been edited. Last edited by: j.gross,


- Jack Gross
WF through 8.1.05
 
Posts: 1925 | Location: NYC | In FOCUS since 1983 | Registered: January 11, 2005Report This Post
Gold member
posted Hide Post
Thanks Jack for taking the time to share your thoughts/code. I think our team will review this as a viable option.
Thanks again
Matt


8.0.9, Windows
excel / pdf
 
Posts: 89 | Registered: October 21, 2010Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     Focexec/Master Security Question

Copyright © 1996-2020 Information Builders