The fastest easiest way to get it right.

Column Security

Column security allows you to limit which columns in a table that particular groups can see. You can allow any particular group read-only access to a column, or read-write access.

The syntax is described here: 

# Assume a group of super-users
group admins:
    description: Super users
    permsel: Y
    permins: Y
    permupd: Y
    permdel: Y 

table example:
    module: whatever
    uisequence: 500
    description: Example Table

    
    column mysalary:
        group admins:
            permsel: Y
            permupd: Y

The two permissions 'permsel' and 'permupd' determine whether the user can see the column and update the column.

Understanding Column Security

Column security works a little differently than module and table security. In particular:

  • All tables by default have no column security, all users can see all columns (assuming they can see the table).
  • If even one column security assignment is made, all groups are denied access to the column (except for the group being given access).
  • Therefore, column security assignments are usually made by saying who can see the column. There is no reason to specify which groups cannot see the column.

Implications For Web Programming

Because PostgreSQL does not directly support column security, Andromeda accomplishes it by denying all access to the base table and creating different views that reflect the various combinations of permissions that might exist for different groups.

Because of this, if you code manual queries like "Select mysalary from example" the queries will break because all access to the table is denied.

But Andromeda can tell you at run-time which view is appropriate for the currently logged in user. When coding manual queries, it is a good idea to always use the ddView() function to obtain the name of the view: 

$view    = ddView('example');
$sql     = "Select * from $view";
$allrows = Sql_allRows($sql);

Andromeda Admin Screens

The Andromeda admin screens automatically adjust to column security. If a user is not allowed to see a column, it does not appear at all on the admin screen.

As with all user interface features, this feature is not meant to enforce the security measure, that is done in the server. This feature simply follows the rule of only showing the user what is relevant to them.

User Comments

There are no user comments yet on this page.

Add A Comment

Comments will not appear until after they are moderated. Comments are usually moderated within a few hours on weekdays, but may take longer on weekends and holidays.

Name or nickname: (This will appear with your comment)


Email (this will never be displayed)


Enter your comment here. Use [b] and [/b] for bold, [i] and [/i] for italic, and [pre] and [/pre] for code samples. All literal HTML and PHP that you enter will be escaped out and displayed as you enter it.


Home |  Documentation |  Download |  Credits |  Contact |  Login
Andromeda © Copyright 2004-2010, Licensed under the GPL Version 2