Applicable Versions: 3.00.0078 Onwards


Users can only create or run queries for which they have subjects available. As such, user data access can be controlled by limiting the subjects. This means it is common to want different subjects available for different users.

The data location determines the location from which the setup files should be loaded. If the data location is set to an AppServer (see "How can I easily change my DataLocation so that my setup is stored centrally on an AppServer?"), and DataPA is configured to use XML setup Data (see "Can I store my setup data in a standard XML format rather than DataPA's proprietry dat format?"), DataPA will try to call a procedure called PAFilterSubjects.p in the PROPATH of the AppServer, passing the username and two Progress temp-table that contain all the subjects and their corresponding fields. If any of the subject records are deleted, the subject will not be available to the user and if any of the fields are deleted, the corresponding subject field will not be available to the end user.

The PAFilterSubjects procedure must be called PAFilterSubjects.p and reside in the PROPATH of the AppServer. The procedure receives the username as an input parameter, a ttSubjects and a ttSubjectFields temp table as input-output parameters, and a character output parameter that determines a working directory. The definitions for this procedure should be as follows:

DEFINE TEMP-TABLE ttSubjects NO-UNDO

 FIELD cID              AS CHARACTER

 FIELD cTitle           AS CHARACTER

 FIELD cSystemName      AS CHARACTER

 FIELD cDescription     AS CHARACTER

 FIELD cSmartDataObject AS CHARACTER

 FIELD lDynSDO          AS LOGICAL

 FIELD cTables          AS CHARACTER

 FIELD cParents         AS CHARACTER

 FIELD cBuffers         AS CHARACTER

 FIELD cIndexes         AS CHARACTER

 FIELD cLinks           AS CHARACTER

 FIELD bDynamic         AS LOGICAL FORMAT ""true/false""

 INDEX i1 AS PRIMARY UNIQUE cID.

 

DEFINE TEMP-TABLE ttSubjectFields NO-UNDO

 FIELD cID            AS CHARACTER

 FIELD cTitle         AS CHARACTER

 FIELD cFieldName     AS CHARACTER

 FIELD cDataType      AS CHARACTER

 FIELD cLabel         AS CHARACTER

 FIELD cFormat        AS CHARACTER

 FIELD lAllowIndex    AS LOGICAL

 FIELD lAllowSort     AS LOGICAL

 FIELD lAllowContains AS LOGICAL

 FIELD iExtent        AS INTEGER

 FIELD iWidth         AS INTEGER

 FIELD cExpression    AS CHARACTER

 FIELD cSvrFormat     AS CHARACTER

 FIELD cLookup        AS CHARACTER

 INDEX i1 AS PRIMARY UNIQUE cID cFieldName.

 

DEFINE INPUT PARAMETER ipcUserName AS CHARACTER NO-UNDO.

DEFINE OUTPUT PARAMETER opcUseDir   AS CHARACTER NO-UNDO.

DEFINE INPUT-OUTPUT PARAMETER TABLE FOR ttSubjects.

DEFINE INPUT-OUTPUT PARAMETER TABLE FOR ttSubjectFields.


The username received by PAFilterSubjects is the username entered by the user when DataPA connects to the AppServer, if available, otherwise the users Windows username. DataPA will sometimes use temporary xml files to process subject filters. If you would like to specify a particular directory for DataPA to use for these temp files, set the opcUseDir output parameter to this directory.

The ttSubjects temp-table contains all the subjects available to the user, and the ttSubjectFields temp-table contains all the fields for each subject joined by the primary index. If you delete any ttSubjects records, the corresponding subject will not be available to the user. If you delete any ttSubjectFields records, those fields will not be available to the end user if they use the subject.

An example of the body code for PAFilterConnnection.p is as follows:

DEFINE VARIABLE lFound AS LOGICAL     NO-UNDO.

DEFINE VARIABLE cGroups AS CHARACTER   NO-UNDO.

 

RUN GetUserGroup(INPUT ipcUserName, OUTPUT cGroups).

FOR EACH ttSubjects:

 lFound = FALSE.

 FOR EACH ttSubjectFields OF ttSubjects:

    IF NOT CAN-DO(""Finance"", cGroups)

    AND ttSubjectFields.cFieldName = ""sports2000.Customer.Balance""

    THEN lFound = TRUE.

 END.

 IF lFound THEN DELETE ttSubjects.

END.