Here is the case: once the user logon to the webfocus system, a fex will pickup his ID and compare against the database to load his access group, and store the group level into a variable. If I use &VAR, a user can easily change it by passing &VAR=xxx from the URL. Is there a way to create a variable that can only set by fex once, and never change again during the user session?

Thanks.

This message has been edited. Last edited by: Kerry,

Bug,

Please update your user profile signature with your products, releases and platforms. It would be much easier to answer this question if we knew what your environment was.

Is this MRE or self-service? If self-service, is the reporting server running secure? Are there default credentials stored in the WebFOCUS client for the server?

Please advise.

I'm new to this client. This is what I know:

1. It is self-service, not MRE. What do you mean by "running secure"?

2. Each user has his own id and password setup in webfocus. There is no common service ID.

There are several methods of forcing a variable to take a specific value

The best in your particular case is to use the site profile site.wfs

create a focexec eg. security.fex in baseapp that contains the code you use
to manage your variables and add the line

_site_profile=-INCLUDE SECURITY

to site.wfs, in later releases you can use the admin console but you will need to do it
manually.

This will allow you to overide and variables coming from the browser.
In later releases you can protect variable by giving them a prtected status in site.wfs
but that is not an option in 4.x

You will need to restart your application server and WebFocus