Dynamic Security

The default security model used by Vitalware is static in nature. User and Group privileges are defined in the Registry and loaded into a module when it is invoked. Once invoked, the security of the module remains the same throughout its lifetime. If a user can change the contents of a given field, then they can change it for all records (assuming Record Level Security allows the record to be modified). In some instances it would be useful to allow some security settings to be altered based on information stored in the current record.

For example:

  1. The Data Entry group are able to change all fields on unregistered records and only non-certificate fields on registered records. The security model in versions of Vitalware prior to Vitalware 2.3 does not provide a mechanism for implementing this requirement via Registry settings. It is possible to "hard wire" such functionality into the Vitalware client, however it becomes very difficult to change as new requirements arise.

    What would be useful is a mechanism that allows access to a column to be modified based on the contents of the record.

  2. Similarly, you may require certain fields to be filled depending on the type of record. For registration records you may require the Informant information to be specified, while for Index records this information should not be specified (in fact, it should not even be shown). The Vitalware Mandatory Registry entry allows a field to be defined as mandatory, however it is not possible to use this Registry entry to specify conditional mandatory settings.

    As with the first example, it would be useful to allow the mandatory setting for a field to be set based on the contents of the record.

  3. Alternatively, you may want to alter Record Level Security settings based on the contents of data within the record when the record is saved. One such requirement may be that records whose record status is set to Voided may only be edited by users in group Admin. Such a feature can be "hard wired" into the database server.

    However a solution that uses the Registry would provide a more flexible mechanism.

Vitalware 2.3 onwards has three Registry entries which provide for a flexible and dynamic security model that can adapt based on the data stored within a record:

  • The Column Access Modifier Registry entry handles the first example above, that is the ability to alter column access based on the contents of the record.
  • The Mandatory Modifier Registry entry handles the second example above, that is the ability to adjust mandatory settings based on the contents of the record.
  • The Security|Update Registry entry provides for the third example, that is the ability to change Record Level Security based on the contents of the current record.

    Note: Click the links above for full details of each entry.

The combination of the these facilities provides a useful mechanism for altering the Vitalware security settings dynamically. The use of dynamic security allows very flexible security models to be implemented.