Jump to content
The ibi Community has moved to a new platform: Please Sign In and choose Forgot Password to continue

Sorry for the long title. We have a situation where we have ...


Warren Hinchliffe

Recommended Posts

Yea MartinY, good idea.

I did an experiment, I put the component master in a folder not on the APP PATH and the business view in a folder on the APP PATH. It didnt work until I coded the business view to explicitly reference the app folder and master:

CRFILE=app/file.mas

 

The BV works in Designer and does not show the app folder with the master to the Designer developers. Not sure how well the synonym GUI tool(s) support this.

Also, I seem to remember an optional security setting that prohibits users from accessing non-app path files which would seem to invalidate this solution.

Link to comment
Share on other sites

Sorry for the long title.

We have a situation where we have a multi tenant setup (separate and secure master files for each tenant), but we want to keep those masters invisible to the users when we open up designer and only make their Business Views visible.

Any Suggestions

Security has been implemented as per Configuring Security Templates for Multi-Tenant Environments, but this allows access to all masters including business views.

I have tried creating a separate template, but it seems to be ignored (assuming only one per user is possible)

Link to comment
Share on other sites

Did you consider setting up a security role to restrict access to the files Or is it only specific masterfiles that you would like to hide

In my configuration we are using the WFRS to authenticate the user. This means we can use Active Directory groups to apply specific permissions to the App folders. This is how I restrict access to certain masterfiles.

 

2.png1316371 23.4 KB

Link to comment
Share on other sites

One other thought, you can take advantage of special characters in metadata file names.

I created a gg^sales.mas and .foc. I was able to

TABLE FILE gg^sales

PRINT *

END

 

and see output. Then when I went into Designer I didnt see gg^sales. I assume that if you built a business view off of masters it could work.

Link to comment
Share on other sites

Waz

I have 8.2.07.25 and I set up a multi-tenant domain with a separate app folder called tenant1. I copied a business view with crfile references to the real master files in a different app folder into the tenant1 folder. That is the only folder in the app path for that tenant and everything worked great for me. I could not find the doc Configuring Security Templates for Multi-Tenant Environments in the security and administration manual or the best practices manual so I am not sure what that had you do.

Link to comment
Share on other sites

I have got a solution from TechSupport.

Simply it involves turning list off for the tenants masters /customer/tenant but turning on list for the business views /customer/tenant/busviews, this is done via the template setup under access control and setting the privileges against the Model Group and a new sub directory (busviews) under the Model Group.

Model Group has Read and Execute only, no List privilege.

Model Group/busviews has Read, Execute and List privileges

So when a user tries to access the masters they get an empty tenant directory but get the list of business views under the busviews sub directory.

The final step, due to navigation through many levels (customer/tenant/busviews), it was suggested to add an APP MAP to the location so a new app directory of busviews is created.

As our environment uses Security Center Groups for tenants the APP MAP was simple.

Effectively APP MAP busviews &APPROOT|/customer/&FOCSECGROUP|/busviews.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
  • Create New...