Chapter 4-8: Runtime Subroutine's and Predefined Processes

.UTIL CHECK RBS

This subroutine is called to check the security access for the specified user when Role Based Security is used.

Usage:

Description:

This subroutine is called to check the security access for the specified user when Role Based Security (RBS) is used. If you are not using Role Based Security, use .UTIL CHECK SECURITY instead.

The --- SECCHK RECORD is a required parameter, if it is missing the subroutine will CANCEL.

Using this subroutine, you can check to see if a specific user is allowed to run a specific process from a specific parent, or if the specific user has access to a record or field in a file.

Different fields are required and returned in --- SECCHK, depending on whether you are checking Process or File/Field security. The common fields are:

    SECCHK SECUSER RID

This is the Record Id (RID) of the specific user/role to be checked. In RBS, a user may have more than one Role and you need to indicate which Role you want checked. To determine which RID to use, read 0SA SECUSER by user id (possibly in a BEG READ/END READ loop), and GOSUB 0SA R/S – LOAD HIERARCHY for each record. You can then check SECDB DATABASE ID and / or SECDEPT DESC and/or SECWG DESC and /or SECROLE DESC to see if this is the DB/Dept/Workgroup/Role you are interested in. If so, use SECUSER RID, otherwise read next SECUSER

    SECCHK DB ID - The 3 character database id to be checked
    SECCHK ACL CONTEXT - The context to be checked, PROCESS, FILE or FIELD
    SECCHK SOURCE (Required if SECCHK ACL CONTEXT = PROCESS)
        One of:
        APP START to check processes started from the Database record, ie, the Live Operations menu of the startup application.
        USER START to check processes started from 0SA USER startup or the command line.
        SYSPARM to check Direct Process 1
        DEF INP to check processes invoked as Default Inputs from SCAN
        OPT CHILD to check optional children

For Processes:

    SECCHK PRNT AP ID - The Application Id of the Parent Process
    SECCHK PRNT TYPE - The Process Type of the Parent Process
    SECCHK PRNT NAM - The name of the Parent Process. Not Required if SECCHK SOURCE is not OPT CHILD
    SECCHK PROC AP ID - The Application Id of the Child Process
    SECCHK PROC TYPE - The Process Type of the Child Process
    SECCHK PROC NAM - The Process Name of the Child Process

Returns a Y, N or Blank in the following fields:

    SECCHK PROC RUN OK - Indicates if the user can run the process.
    SECCHK PROC ADD OK - Indicates if the user can add records to the PCF file.
    SECCHK PROC DEL OK - Indicates if the user can delete records in the PCF file.
    SECCHK PROC CHG OK - Indicates if the user can change records in the PCF file.

  If a blank is returned, it means the flag will be inherited from some parent process at runtime.

For Files:

    SECCHK FLD AP ID - The Application Id of the file to be checked.
    SECCHK FLD FI NAM - The File name to be checked.

 Returns:

    SECCHK FI ACC OK - Y or N indicating if the user has access to the file or not

For Fields:

    SECCHK FLD AP ID - The Application Id of the file to be checked
    SECCHK FLD NAM - The field name to be checked. Note that GROUP HEADER/TRAILERS and SYNONYMS do not have security, and will return the system defaults.

Returns

    SECCHK FLD VIEW OK - Y or N indicating if the user is allowed to view the contents of the field or not
    SECCHK FLD EDIT OK - Y or N indicating if the user is allowed to change the contents of the field or not

Application Design Manual                                         "Powered by Appx Software"

1287

©2006 By APPX Software, Inc. All Rights Reserved