Print Page | Close Window

Field Level Security

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce 2010
Forum Discription: For .NET 4.0
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=3847
Printed Date: 25-Mar-2025 at 5:17am


Topic: Field Level Security
Posted By: gregweb
Subject: Field Level Security
Date Posted: 09-Dec-2012 at 2:23pm
I am trying to come up with a way to do Field Level Security with DevForce.

http://drc.ideablade.com/xwiki/bin/view/Documentation/authorize - This topic talks about it, but I am not seeing a way to actually perform it.

The use case is wishing for some users not to have access to certain fields. But they still need to update other fields.

The data scrubbing technique does not work, as the scrubbed data would end up getting saved to the database.

Since the permissions are going to vary from role to role, I can't change the entity to match.

So I am not really seeing a way to do this on the server side. An alternate is to send the data down and hide it on the client, but that is not really a security measure.

Just wondering if you have any more thoughts on the matter.

Greg


Replies:
Posted By: kimj
Date Posted: 10-Dec-2012 at 1:29pm
Hi Greg,
 
Other than what's discussed in the topic you've linked, here in product support we don't have anything to add.  One clarification, though - DevForce updates only affect the changed properties, so properties scrubbed in the server query interceptor won't end up being saved to the database, as the DevForce client doesn't register the scrubbed property as changed.
 
 

Posted By: gregweb
Date Posted: 11-Dec-2012 at 8:15am
Thanks very much, that works for me.

Greg


Print Page | Close Window