Applicable Versions: 3.00.0078 Onwards
Users can only create or run queries for which they have subjects available. As such, user data access can be controlled by limiting the subjects. This means it is common to want different subjects available for different users.
The data location determines the location from which the setup files should be loaded. If the data location is set to an AppServer (see "How can I easily change my DataLocation so that my setup is stored centrally on an AppServer?"), and DataPA is configured to use XML setup Data (see "Can I store my setup data in a standard XML format rather than DataPA's proprietry dat format?"), DataPA will try to call a procedure called PAFilterSubjects.p in the PROPATH of the AppServer, passing the username and two Progress temp-table that contain all the subjects and their corresponding fields. If any of the subject records are deleted, the subject will not be available to the user and if any of the fields are deleted, the corresponding subject field will not be available to the end user.
The PAFilterSubjects procedure must be called PAFilterSubjects.p and reside in the PROPATH of the AppServer. The procedure receives the username as an input parameter, a ttSubjects and a ttSubjectFields temp table as input-output parameters, and a character output parameter that determines a working directory. The definitions for this procedure should be as follows:
DEFINE TEMP-TABLE ttSubjects NO-UNDO
FIELD cID AS CHARACTER
FIELD cTitle AS CHARACTER
FIELD cSystemName AS CHARACTER
FIELD cDescription AS CHARACTER
FIELD cSmartDataObject AS CHARACTER
FIELD lDynSDO AS LOGICAL
FIELD cTables AS CHARACTER
FIELD cParents AS CHARACTER
FIELD cBuffers AS CHARACTER
FIELD cIndexes AS CHARACTER
FIELD cLinks AS CHARACTER
FIELD bDynamic AS LOGICAL FORMAT ""true/false""
INDEX i1 AS PRIMARY UNIQUE cID.
DEFINE TEMP-TABLE ttSubjectFields NO-UNDO
FIELD cID AS CHARACTER
FIELD cTitle AS CHARACTER
FIELD cFieldName AS CHARACTER
FIELD cDataType AS CHARACTER
FIELD cLabel AS CHARACTER
FIELD cFormat AS CHARACTER
FIELD lAllowIndex AS LOGICAL
FIELD lAllowSort AS LOGICAL
FIELD lAllowContains AS LOGICAL
FIELD iExtent AS INTEGER
FIELD iWidth AS INTEGER
FIELD cExpression AS CHARACTER
FIELD cSvrFormat AS CHARACTER
FIELD cLookup AS CHARACTER
INDEX i1 AS PRIMARY UNIQUE cID cFieldName.
DEFINE INPUT PARAMETER ipcUserName AS CHARACTER NO-UNDO.
DEFINE OUTPUT PARAMETER opcUseDir AS CHARACTER NO-UNDO.
DEFINE INPUT-OUTPUT PARAMETER TABLE FOR ttSubjects.
DEFINE INPUT-OUTPUT PARAMETER TABLE FOR ttSubjectFields.
The username received by PAFilterSubjects is the username entered by the user when DataPA connects to the AppServer, if available, otherwise the users Windows username. DataPA will sometimes use temporary xml files to process subject filters. If you would like to specify a particular directory for DataPA to use for these temp files, set the opcUseDir output parameter to this directory.
The ttSubjects temp-table contains all the subjects available to the user, and the ttSubjectFields temp-table contains all the fields for each subject joined by the primary index. If you delete any ttSubjects records, the corresponding subject will not be available to the user. If you delete any ttSubjectFields records, those fields will not be available to the end user if they use the subject.
An example of the body code for PAFilterConnnection.p is as follows:
DEFINE VARIABLE lFound AS LOGICAL NO-UNDO.
DEFINE VARIABLE cGroups AS CHARACTER NO-UNDO.
RUN GetUserGroup(INPUT ipcUserName, OUTPUT cGroups).
FOR EACH ttSubjects:
lFound = FALSE.
FOR EACH ttSubjectFields OF ttSubjects:
IF NOT CAN-DO(""Finance"", cGroups)
AND ttSubjectFields.cFieldName = ""sports2000.Customer.Balance""
THEN lFound = TRUE.
END.
IF lFound THEN DELETE ttSubjects.
END.