Integrating Security into the Application

 Top  Previous  Next

MoreMotion Security System can be utilized to protect the accessing of MoreMotion units such as pages, data sources and process templates. The security can be implemented even on page parts to implement detailed protection functionality.

Protecting the pages from unauthorized access

You can configure the accessControl element in a page configuration. The following definition will allow only the users that are logged in to the system and that have CAN_VIEW_PERSONNEL_DATA privilege to see the page.

  <root>
    <accessControl checkPoint="CAN_VIEW_PERSONNEL_DATA" />
  </root>

See Page Configuration.
See accessControl Configuration Element

Protecting the data sources from unauthorized access

You can configure the accessControl element in a data source configuration. The following data source provides data for the users who logged in to the system and who has CAN_VIEW_SALARY privilege to see the page.

  <root>
    <dataSource name="wages" basedon="mor.RelDBQueryDataSource">
      <accessControl checkPoint="CAN_VIEW_SALARY" />
      <query>SELECT ID, SALARY FROM employees WHERE GRADE = @vof(GRADE)</query> 
    </dataSource>
  </root>

 
Protecting the process templates from unauthorized use

You can configure the accessControl element in a process template configuration. The following process template can only be executed by the users who logged in to the system and who has STOCK_ADMIN role.

  <root>
    <processTemplate name="CancelReservation">
      <accessControl checkPoint="IS_STOCK_ADMIN" />
      <callProcess name="ReleaseStock" /> 
      <callProcess name="RemoveReservationEntry" /> 
      <callProcess name="InformResponsibles" /> 
    </processTemplate>
  </root>

 

Protecting a command button from unauthorized use

In XSL StyleSheets you can test the existence of a checkpoint and display, e.g. a command button only if the user has a certain privilege

  <html><body><form>
   ...
    <xsl:if test="/root/mor_security_userinfo_main/checkpoints/CAN_DELETE_CUSTOMER">
      <input type="button" name="__pcommand" ...>
    <xsl:if>
   ...
  </form></body></html>

 

Protecting a table column from unauthorized browse

In XSL StyleSheets you can test the existence of a checkpoint and display, e.g. a table column only if the user has a certain privilege.

  <html><body><table border="1">
    <xsl:for-each select="/root/employees/item">
      <tr>
        <td><xsl:value-of select="NAME"/></td>  
        <td><xsl:value-of select="GRADE"/></td>  
        <xsl:if test="/root/mor_security_userinfo_main/checkpoints/CAN_SEE_SALARY">
          <td><xsl:value-of select="SALARY"/></td>  
        <xsl:if>
      </tr>
    </xsl:for-each">
  </table></body></table>