System Administration

Register Custom Security Definitions

NOTE: This section only applies to custom components.

Use a security definition to:

  • Tie rules to events, so that for example, when a user is removed from a security role, the user is removed from associated template roles in Mass Maintenance.
  • Assign a key to limit a user’s access to content.

    NOTE: Security definitions are assigned to roles. When a user is assigned to a role, the key value(s) assigned to the role’s security definition(s) restrict the user’s access to that content only. It does this in two ways, either:

    • By assigning the security definition to a page, or
    • By registering rules to security definition events

Security definitions are assigned to roles and restrict access or run rules for the users assigned to roles. Refer to Assign Keys to Security Roles for more information.

To view the security definitions assigned to a page, select Admin > Security Management > Security Pages in the Navigation pane, and click the Security Definitions icon.

This topic contains the following sections:

Add a Custom Security Definition and Key

To register custom security definition for a custom WebApp in System Administration:

  1. Select Security > Security Management > Security Definitions in Navigation pane.
  2. Click Add.

    View the field descriptions for the Security Definitions page

  3. Enter a unique name of the definition in SECURITY DEFINITION NAME field.
  4. Select a data source where the view for the security definition is stored from DATA SOURCE ID list box.
  5. Select the view created in the Create a View section from DATA VIEW list box.

    NOTE: Only views that reside in the DATA SOURCE ID are available in the DATA VIEW list box. This view must reside in the selected data source and must be named as web*Sec. The columns in this view are used to restrict user access on pages where the security definition is applied. The view can also contain a column named “FriendlyName” that is used as a display value by on-site administrators when selecting specific key values.

  6. Enter a brief description or explanation of the security definition in DESCRIPTION field.
  7. Click Save.
  8. Click Keys button to define key columns within the DATA VIEW that contain values by which security can be administered.

    NOTE: If defining multiple keys, additions, deletions and updates to keys must be done during a single editing session.

  9. Click Add.

    View the field descriptions for the Security Definitions Keys page

  10. Select a column within the view from COLUMN NAME list box that contains values by which security can be administered.
  11. Click Save.

The key value used by the security definition is set at the security role level on the Security Role Key Values page. Refer to Add Keys to a Security Role for more information.

Add a Rule to a Security Definition Event

NOTE: This section only applies to custom components.

A security definition can be assigned a rule that runs when a security definition event occurs. For example, a delivered security definition for Mass Maintenance contains an event called System Administration - Users - Before Delete. That event, which runs when a user account is deleted, runs a rule (a stored procedure) to remove access for the deleted user from the Mass Maintenance template role.

Security definition events and rules are included for delivered WebApps and cannot be updated.

Users can create custom rules for security definition events for custom WebApps.

The following security-related events can have rules registered to them:

  • System.Administration - Users - BeforeDelete - Runs rule when a user account is deleted
  • System.Administration - Security Role Users - AddUsers - Runs rule when a user is added to a security role
  • System.Administration - Security Role Users - RemoveUsers - Runs rule when a user is removed from a security role
  • System.Administration - Security Role Key Values - AddKeys - Runs rule when a key value is added to a security role
  • System.Administration - Security Role Key Values - RemoveKeys - Runs rule when a key value is removed from a security role
  • System.Administration - Security Roles - BeforeDelete - Runs rule when a security role is deleted
  • System.Administration - User Specific Keys - AddKeys - Runs rule when a key value is added for the user on the User Specific Keys page
  • System.Administration - User Specific Keys - RemoveKeys - Runs rule when a key value is removed from the user on the User Specific Keys page
  • System.Administration - User Roles - UnassignToRole - Runs rule when a user is unassigned to a security role
  • System.Administration - User Roles - AssignToRole - Runs rule when is assigned to a security role
  • System.Administration - User Roles Staging - UnassignToRole - Runs rule when a user is unassigned to a security role on the User Roles Staging page
  • System.Administration - User Roles Staging - AssignToRole - Runs rule when a user is assigned to a security role on the User Roles Staging page

To add a rule to an event for a custom security definition:

  1. Select Admin > Security > Security Management > Security Definitions in the Navigation pane.
  2. Click the Events icon for a custom security definition.
  3. Click the Rules icon for an event.
  4. If no records exist, the page displays in add mode. Otherwise, click Add.

    View the field descriptions for the Security Definition Event Rules page

  5. Enter a value in the PRIORITY field.

    NOTE: If multiple rules are registered to an event, this value sets the order the rules run.

  6. Select the data source that stores the rule in the DATA SOURCE ID list box.
  7. Select the rule, a stored procedure, in the BUSINESS RULE list box.
  8. Check the ACTIVE check box.

    NOTE: By default, the check box is not checked, which means the rule does not run.

  9. Add a description of what the rule does in the COMMENT field.
  10. Click Save.