Role Based Security

Owned by Vienna Advantage
Last updated: Oct 19, 2023 by Gaurav
1 min read

We login in the system with a particular role. Now to fetch data according to login role access, framework provides below function. Developer can use this function according to requirement after select query. 

  

On Server Side 

Function Name 

Description 

MRole.GetDefault(ctx).AddAccessSQL(string sql, string tableName, Bool isFullyQuilified, Bool isRO); 

  

Parameter 

Ist parameter (String sql):  Pass SQL query 

  

2nd parameter (String tableName):  Pass table name on which check role accessibility 

  

 3rd parameter (Bool): Pass bool value (MRole.SQL_FULLYQUALIFIED), 

It makes column AD_Client_ID and AD_Org_ID fully qualified by append passed tableName in 2nd parameter 

  

4th parameter(Bool): Pass Bool Value  (MRole.SQL_RO or MRole.SQL_RW

  

If pass MRole.SQL_RO, It fetches System level record and login client level records.  

For example It appends WHERE Clause in SQL query like (SQL:  WHERE AD_Client_ID IN (0, LoginClientID) AND AD_Org_ID IN (0,orgID1, orgID2,..)). 

  

If pass MRole.SQL_RW 

It fetches only login client level records.  

For example It appends WHERE Clause in SQL query like (SQL:  WHERE AD_Client_ID IN (LoginClientID)).  Further function appends organization according to current role access. 

 

For example 

  

string sql=”SELECT * FROM C_Order”; 

sql = MRole.GetDefault(ctx).AddAccessSQL(sql, “C_Order”,MRole.SQL_FULLYQUALIFIED,  

MRole.SQL_RO); 

  

Suppose login client id is 11 and organization id is 121 then Sql query become like 

Sql:  “SELECT * FROM C_Order WHERE C_Order.AD_Client_ID IN (0,11) AND C_Order.AD_Org_ID IN(0,121)”