Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi everybody,
Is there any restriction loading NTNAME or USERID fields having '*' values on the previous load in a Section Access table ?
Thank you
Previous Load ?? As far i came across no..
Let me see if I understand, you want to load the USERID field with a '*'? Usually the * is used for a USERID to have access to everything, and this is done like this:
Section Access;
LOAD * inline [
ACCESS, USERID, REDUCTION
ADMIN, DOMAIN\USER1, USER1
USER, DOMAIN\USER2, USER2
USER, INTERNAL\SA_SCHEDULER,,,*
];
Section Application;
Star is *;
REDUCT:
Load * InLine [
REDUCTION, CONTRY
USER1, *
USER2, USA
];
I may not have understood your questioning. =]
Yes previous load..
example:
SECURITY_TMP1:
LOAD ACCESS,
NTNAME
FROM..
SECURITY_TMP2:
load ACCESS,
'*' as USERID,
NTNAME,
Resident SECURITY_TMP1:
as soon as i Re-call the USERID with a resident (after I put the '*' on it), section access don't work anymore (and If I don't add some Administrators giving them a USERID Value and an * on the NTNAME) I loose the document..
the only way is when I I call the table with a resident, is to Create again that field ('*' as USERID).. so don't make sense to insert '*' values before the last load.
I work with both NTNAME and USERID fields because I'm using two server (on DEV and one PROD).
on the PROD I use NTNAME and Put '*' on the USERID
on the DEV I use USERID and put '*' on the NTNAME (to manually insert access and test the restrictions and verify that everything is working good on the section access)
Did you understand how USERID calling here? and What is the diff between USERID and NTNAME
Yes, our customers values are on the NTNAME and on the USERID we use the network administrators accounts, so we use both
Why not just using two different section access statements and branching them with something like:
if ComputerName() = 'Prod' then
SectionAccess1
else
SectionAccess2
end if
- Marcus
That's exactly what I have now in front of me.. a variable using ComputerName().. it didn't work because I've tried:
If( not match(that_variable,'server1','server2')
put * on the NTNAME and use NTNAME as USERID (to be able to enter manually the creditentials)..
else
* as USERID, NTNAME
it didn't work because we have two PROD server, one dedicated to the publisher and one dedicated to the reload..
(but this is another problem..)
my question like you can read above, is that '*' values are not recognized anymore if load them using resident
here is the security I've implemented and managing today:
Section access;
// ADMIN_ACCESS (NO RESTIRICTION)
SECURITY:
LOAD ACCESS,
NTNAME
FROM
// JOIN ALL THE BU, ALL THE G21 AND ALL THE G3 AND ALL THE SALES_MAN FOR ADMIN_ACCESS
left join
load distinct
BU,
'ALL_CUSTOMERS' as G21_SECURITY,
'ALL_CUSTOMERS' as G3_SECURITY,
'ALL_CUSTOMERS' as SALES_MAN_SECURITY
resident BusinessUnit;
// DIVISION_ACCESS (RESTRICTED BY BU)
concatenate (SECURITY)
load *,
'ALL_CUSTOMERS' as G21_SECURITY,
'ALL_CUSTOMERS' as G3_SECURITY,
'ALL_CUSTOMERS' as SALES_MAN_SECURITY
FROM
// G12_ACCESS (RESTRICTED BY BU, G21, G3,SALES_MAN)
TMP_KAM:
load 1 as Flag_anticoncatenate,
ACCESS,
upper(NTNAME) as NTNAME,
upper(BU) as BU,
upper(G21) as G21_SECURITY,
upper(G3) as G3_SECURITY,
upper(SALES_MAN) as SALES_MAN_SECURITY
FROM
// CONCATENATE G12_ACCESS TABLE ON THE SECURITY TABLE
concatenate (SECURITY)
load ACCESS,
NTNAME,
BU,
G21_SECURITY,
G3_SECURITY,
SALES_MAN_SECURITY
resident TMP_KAM;
// GIVE A USEDID (*) FOR ALL THE USERS AND CREATE THE SECURITY KEY
SECURITY_WINDOWS_TMP:
load ACCESS,
'*' as USERID,
NTNAME,
BU&'|'&G21_SECURITY&'|'&G3_SECURITY&'|'&SALES_MAN_SECURITY as KEY_SECURITY
resident SECURITY;
drop table SECURITY;
drop table TMP_KAM;
///////////////////////////////////////////// START SCRIPT CHECKING THE DEV AND PROD ENVIRONMENT TO SWITCH NTNAME AND USERID (ASKING FOR CREDITENTIALS ON LOCAL AND DEV) ///////////////////////////////////////
//IF ON LOCAL MACHINE OR DEV SERVER (ASK FOR CREDITENTIALS)
TRACE $(vComputerName);
IF NOT Match('$(vComputerName)','LOO9-S00QV1','LOO9-S00QV2') THEN
SECURITY_WINDOWS:
NoConcatenate
LOAD ACCESS,
'*' as NTNAME,
NTNAME as USERID,
KEY_SECURITY
Resident SECURITY_WINDOWS_TMP;
DROP Table SECURITY_WINDOWS_TMP;
// SERVER_ACCESS (BACKUP ACCESS AND NETWORK ADMINISTRATOR)
concatenate (SECURITY_WINDOWS)
load ACCESS,
USERID,
NTNAME,
KEY_SECURITY
FROM
//ELSE IF ON PRODUCTION SERVER MACHINE (APPLY NORMAL SECURITY)
ELSE
SECURITY_WINDOWS:
NoConcatenate
LOAD *
Resident SECURITY_WINDOWS_TMP;
DROP Table SECURITY_WINDOWS_TMP;
// SERVER_ACCESS (BACKUP ACCESS AND NETWORK ADMINISTRATOR)
concatenate (SECURITY_WINDOWS)
load ACCESS,
USERID,
NTNAME,
KEY_SECURITY
FROM
ENDIF
///////////////////////////////////////////// END SCRIPT CHECKING THE DEV AND PROD ENVIRONMENT TO SWITCH NTNAME AND USERID (ASKING FOR CREDITENTIALS ON LOCAL AND DEV) ///////////////////////////////////////
Section Application;
finally the test detecting the DEV and PROD is not working yet because it is not working with the ComputerName(), I will maybe try to detect the name of the harddrive on which the app is copied.
but the GREYED part is the part that present a problem for me, I removed the test, If I don't remove this part (and so loading a previously '*' values on USERID) the section access don't work anymore