[AccessD] Classes and events - security framework
John Colby
jwcolby at gmail.com
Fri Aug 28 14:29:29 CDT 2020
About halfway through the design of the call center, we realized we needed
to control editing of data. I had long used an Active / trash flag in
every table so that records were not deleted, but rather set to inactive or
trash (by the delete). This allowed undeleting by clearing the trash flag,
and allowing records in forms to be "hidden" by the active flag being
cleared. Only supervisors could get at these fields in the records.
So for security I created Groups / users / UsersGroup tables. The old
switchboard form things so famous back in the day would force a login as it
opened. Once the user was validated the security framework now knew the
groups that user belonged to. We kept it somewhat simple with data entry,
supervisor, managers etc.
Forms could then set the visible and enabled properties to false for
specific controls. If a user belonged to groups which allowed a given
control to be visible, the control wrapper class would set the visible
property true, unhiding an otherwise hidden control. Likewise with enabled
property. This handled the cases where given groups couldn't view (for
example) salaries, or could view but not edit and so forth.
As importantly, we wanted only certain groups to be able to open the edit
forms in the OnClick of the combos and lists. Generally only supervisors
could edit that data (who could do what). Thus a control could filter the
OnClick to disallow a given user from opening the forms that allowed adding
/ editing / deleting data in tables behind combos and lists.
This is all trivial to do if every control and every form automatically
receives a wrapper class, and so can check and implement security rules.
It was all table driven with specific forms able to be edited, opened and /
or viewed by specific groups, iow a Form - group M-M table with edit / view
fields.
The key to it all of course is a framework where every object, every form,
every control is "smart" because the framework makes it so. The security
framework is of course also a set of classes loading the security data into
lists as the app loads. Then the physical layer, the forms and controls
can ask the security framework what is allowed as each form loads.
--
John W. Colby
Colby Consulting
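
The table-driven check described in the message above, sketched as an added example; this is not code from the post or from the author's framework. Every name here (LoadSecurity, CanView, CanEdit, OpenEditForm, the form, group and user names) is hypothetical, and the rows are constructed inline rather than read from the Users / Groups / UsersGroup and Form - group tables.

```vba
Option Compare Database
Option Explicit

' Added example: hypothetical names, constructed data.
Private mUserGroups As Object   ' user name -> comma-separated group names
Private mFormRights As Object   ' "form|group" -> Array(canView, canEdit)

' Load the security data once as the app starts (constructed rows).
Public Sub LoadSecurity()
    Set mUserGroups = CreateObject("Scripting.Dictionary")
    Set mFormRights = CreateObject("Scripting.Dictionary")
    mUserGroups.CompareMode = vbTextCompare
    mFormRights.CompareMode = vbTextCompare
    mUserGroups("alice") = "DataEntry"
    mUserGroups("bob") = "DataEntry,Supervisor"
    mFormRights("frmEmployee|DataEntry") = Array(True, False)
    mFormRights("frmEmployee|Supervisor") = Array(True, True)
    mFormRights("frmCallTypeEdit|Supervisor") = Array(True, True)
End Sub

' True if any of the user's groups grants the right. Unloaded data, unknown
' users and forms with no row all fall through to False (deny by default).
Private Function HasRight(userName As String, formName As String, _
                          idx As Long) As Boolean
    Dim grp As Variant, key As String, rights As Variant
    If mUserGroups Is Nothing Then Exit Function
    If Not mUserGroups.Exists(userName) Then Exit Function
    For Each grp In Split(mUserGroups(userName), ",")
        key = formName & "|" & grp
        If mFormRights.Exists(key) Then
            rights = mFormRights(key)
            If rights(idx) Then HasRight = True: Exit Function
        End If
    Next grp
End Function

Public Function CanView(userName As String, formName As String) As Boolean
    CanView = HasRight(userName, formName, 0)
End Function

Public Function CanEdit(userName As String, formName As String) As Boolean
    CanEdit = HasRight(userName, formName, 1)
End Function

' Gate for a combo/list OnClick: the edit form opens only for allowed groups.
Public Sub OpenEditForm(userName As String, formName As String)
    If CanEdit(userName, formName) Then DoCmd.OpenForm formName
End Sub
```

With these rows, alice can view frmEmployee but not edit it, and OpenEditForm "alice", "frmCallTypeEdit" does nothing, while bob's Supervisor membership allows both.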