All employees should be able to see the user interface for an IT Shop in a web front-end, without taking table and column permissions into account.
To do this, set up a new application, for example WebShop_Customer_Prd, and adapt the configuration data as follows:
<DialogUserDetect>
<Usermappings>
</Usermappings>
</DialogUserDetect>
Create a new WebShop_Customer_Grp permissions group, which receives the user interface for the application comprising the menu items, interface forms and task definitions. The user interface could consist of the following menu items:
-
Employee contact data
-
Requesting a product
-
Unsubscribing a product
Define a new dlg_all system user and include it in the vi_DE-CentralPwd, the vi_DE-ITShopOrder, and the WebShop_Customer_Grp permissions groups.
Related topics
The scenario described in the previous example is extended such that only the cost center manager can see an employee’s leaving date. You need to add the input field LeavingDate to the contact data form to do this.
Permissions are used for controlling viewing and editing. Set up a new dlg_kst system user and include the system user in the vi_DE-CentralPwd, vi_DE-ITShopOrder and WebShop_Customer_Grp permissions groups. You should also give the system user read and write permissions to the Person.Exitdate column.
Extend the application configuration data in such a way that the cost center managers use the dlg_kst system user to log in. All other employees use the dlg_all system user to log in.
Change the configuration data as follows:
<DialogUserDetect>
<Usermappings>
<Usermapping
DialogUser = "dlg_kst"
Selection = "select 1 where %uid% in (select uid_personhead from profitcenter)"
/>
<Usermapping
/>
</Usermappings>
</DialogUserDetect>
Related topics
To assign function groups to permissions groups you have to define two database views. The first database view shows the assignment of employees to function groups. The database view contains two columns, UID_Person and FunctionGroup.
Example:
create view custom_Person2Fu as
select uid_personHead as UID_Person, 'Cost center manager' as FunctionGroup
from Profitcenter
where isnull(uid_personHead, '') > ' '
union all
select uid_personHead, 'Department manager' as FunctionGroup
from Department
where isnull(uid_personHead, '') > ' '
The second database view assigns function groups to permissions groups. This database view contains two columns, FunctionGroup and DialogGroup.
Example:
create view custom_Fu2D as
select 'Cost center manager' as FunctionGroup, '<UID_Custom_Dialoggroup_ChefP>' as DialogGroup
union all select 'Department manager', '<UID_Custom_Dialoggroup_ChefD>'as DialogGroup
Set up role-based permissions groups with the required permissions.
TIP: A role-based permissions group can inherit from a non role-based permissions group. This allows you to build up an inheritance hierarchy to making it easier to grant permissions.
Change the configuration data for assigning function groups to permissions groups as follows:
<DialogUserDetect>
<FunctionGroupMapping
PersonToFunction = "custom_Person2Fu"
FunctionToGroup = "custom_Fu2D"
/>
</DialogUserDetect>
Related topics
When a user logs in, a validity check is run. Use the settings to configure additional options.
-
The system runs additional validity checks to prevent users from working with established connections, if they were deactivated after they logged in. The check takes place with next action on the connection after a fixed interval of 20 minutes.
You can adjust the interval in the Common | Authentication | CheckInterval configuration parameter. In the Designer, edit the configuration parameter.
-
The number of session that a user can open within a short time is limited to 10 session a minute.
If this number is exceeded, the user is sent an error message.
You have logged in too often in the last minute. Please wait a moment before you log in again.
This check is done for each front-end if the login is local. If the login is on the application server, it is checked for each application server.
You can modify the number of sessions in the Common | Authentication | SessionsPerUserAndMinute configuration parameter. In the Designer, edit the configuration parameter.
-
Use the QBM | AppServer | SessionTimeout configuration parameter to add the timeout in hours, after which inactive application server sessions are closed. The default value is 24 hours. In the Designer, edit the configuration parameter.
