3 Replies Latest reply: Oct 16, 2012 11:07 AM by Henric Cronström RSS

    Section Access

      We use DMS Authorisation and use Custom users. I need a Custom user to be able to have ADMIN access rights to a document combined with other Customer users that must have simple USER access rights to certain subsets of data. I have implemented Section access to accomplish this but as soon as I try and login using the CUSTOM\DEMO user account and click on the document it gives me a "Failed to open document, You don't have access to this document" message.

       

      Below is my script, strangely if I substitute the * symbol with an actual numeric value for the IDENT field such as 12, I am then able to view the document and the data is restricted accordingly. What am I doing wrong? Any assistance will be greatly appreciated.

       

      STAR is *;

       

      Section Access;

       

      USERSLOCAL:

      LOAD * INLINE [

          ACCESS, NTNAME, IDENT

          ADMIN, CUSTOM\DEMO, *

      ];

       

       

      Section Application;

       

      USERACCESS:

      LOAD * INLINE [

          IDENT, CompanyFreqID

          12, 51

          12, 52

          13, 61

          13, 62

          13, 64

      ];

       

      LOAD * INLINE [

          CompanyFreqID, Company

          51, Company A

          52, Company B

          61, Company C

          62, Company D

          64, Company E

      ];

        • Re: Section Access
          Henric Cronström

          Unfortunately the star does not expand to all possible values. It expands to all values in the same table, only.

           

          I would use a generic key instead, e.g. "ALL" and map this to all IDENT. See more in the Tech brief on Generic Keys.

           

          HIC

            • Re: Section Access

              Thanks for your reply, however, I am still unsure what you mean by it "expands to all values in the same table, only". Can you please describe in my example what the "same table" is? I have worked through the tech brief but too be honest I still do not see how I can restrict some users to certain reocrds and others to see all data? I would really appreciate if you could demonstrate by means of an example. Thanks in advance

                • Re: Section Access
                  Henric Cronström

                  The script below should work. "All other values" means the other values in the USERSLOCAL table, i.e. in your script no other value of IDENT. If you had had a couple of other lines in this table, the star would expand to the values of IDENT on these lines.

                   

                  Section Access;

                  USERSLOCAL:

                  LOAD * INLINE [

                      ACCESS, NTNAME, %IDENT

                      ADMIN, CUSTOM\DEMO, <ALL>

                      USER, CUSTOM\USER, 12];

                  Section Application;

                   

                  USERACCESS:

                  LOAD * INLINE [

                      IDENT, CompanyFreqID

                      12, 51

                      12, 52

                      13, 61

                      13, 62

                      13, 64];

                   

                  BridgeTable:

                  Load IDENT, IDENT as %IDENT resident USERACCESS;

                  Load IDENT, '<ALL>' as %IDENT resident USERACCESS;

                   

                  HIC