Security example
This topic provides a HCL Compass security example based on hiding records.
This example of how to hide records is for a company with three customers: Logic Equipment, Widgets Inc., and Modern Software. You want to control records of the Defect record type so that your customers can access your production database to perform these tasks:
- Submit defects
- Check the status of their defects, either by running a predefined query or by creating a query
- Edit their existing defects
When Modern Software customers log in to the database, they must not see defects filed by Widgets Inc., Logic Equipment, or your own team. When a Modern Software customer creates a query in the HCL Compass Client, the only information in the result set is related to the defects submitted by other Modern Software customers.
This example describes the following procedures:
- Creating a security context field
- Adding the security context field to the form
- Applying the schema changes
- Creating the user groups
- Submitting the security context records
- Associating groups with each security context record
- Editing records to grant privileges to groups
These procedures require various user access permissions. You must have the super user privilege to complete the procedures listed in this example.
This example uses a schema based on the predefined DefectTracking schema, which contains Defect and Customer record types. This example assumes that the schema is checked out.
Creating a security context field
To control access to defect records, you create a security context field in a Defect record type that references the Customer record. You create the field in the Record Fields grid, add the field to the record form, and apply the schema changes.
A Security Context field must be a Reference field type. You can add more than one security context field. If you do, you must be a member of at least one of the groups that can see records of that type.
To create a Security Context field in the Defect record type:
- Start the Designer. Click and double-click Fields.
- In the Record Fields grid, create a field named customer_defects and select Reference as the field type. (You can create a field or use an existing Reference type field.)
- Right-click the customer_defects field and click Field Properties.
- In the Field Properties window, select the Customer record
from the Reference To list.
When you select the Customer record type from the Reference To list, the Security Context check box is selected.
A page named Ratl_Security is added to the Submit and default forms of the security context (Customer) record type. You use this page in the HCL Compass Client to select the groups that can view the record. (You can change the name of the Ratl_Security page. See Changing form page (tab) names.
As an example of adding more than one security context field to a record type, you might add a security context field that references the Customer record type and another security context field that references the Quality_Assurance record type. If you add customers to the Customer record type and members of your Quality Assurance group to the Quality_Assurance record, users in any of the group lists for those record types have access to the records under security control.
You might want to include a hook to populate the field, based on the user who logs in. This practice ensures that the field contains a valid value. You might also consider preventing users from performing certain actions. For example, you might allow only internal users to close a defect, and prevent your customers from deleting records. For more information, see Using other HCL Compass security features.
Adding the security context field to the form
After creating the customer_defects field, you must add it to the Defect record form.
To add the new customer_defects field to the Defect record form:
- Start the Designer.
- Click Defect_Base. and double-click
- In the Field List, select the customer_defects field and drag it to your form.
Applying the schema changes
After adding a new field, you must check in the schema and apply the schema changes to the user database. After you perform these steps, these changes cannot be reversed. For more information, see Customizing a schema.
Creating the user groups
You create the groups to be associated with the Customer security context record, add users to the groups, and update the user database with the new user information. For this example, you create user groups for Widgets Inc., Modern Software, and Logic Equipment, and then add users to these groups.
In your own security system, you can also use existing groups. You might want to create additional groups, such as a group that can view all records submitted by internal users, a group that can view all records submitted by all companies, or a group that can view all records, regardless of who submitted them.
For information about creating groups, see Creating a new user group and Adding users to a group.
Submitting the security context records
You submit a Customer record for each company that you want to provide access to your database: Widgets Inc., Modern Software, and Logic Equipment.
To submit the security context records:
- In the HCL Compass Client, click .
- In the Submit Customer window, submit customer records for Widgets Inc., Modern Software, and Logic Equipment.
You can also create groups that can view all records. If you create a group that can view all records, add this group to each customer record.
Associating groups with each security context record
Next you must associate specific groups with each security context record. In this example, you select the user groups to associate with the customer records submitted for Widgets Inc., Logic Equipment, and Modern Software. These groups contain the users to whom you want to grant privileges to view and change records.
To associate the groups with the Customer records:
- In the HCL Compass Client, create and run a query named All Customers that displays a list of all Customer security context records.
- Open the Widgets Inc. customer record and click the Ratl_Security tab. Then click .
- On the Ratl_Security page, select the Widgets Inc. group and click Add. Click Apply.
- Repeat Step 2 and Step 3 for the Modern Software and Logic Equipment records.
Editing records to grant privileges to groups
Next, you edit each defect record that you want customers to access, assigning a customer to the customer_defects field. This action gives the Logic, Widgets, Modern groups access to the record. This step assigns the value of the security context record to the security context field.
In the HCL Compass Client:
- Log on to the database that contains the defect records you want to control.
- Run a query on All Defects to see all defect records.
- Select and edit the record you want to control. For example, select the defect record with the headline, "spelling error in login screen."
- In the customer_defects list, select the customer you want to have access to this record. For example, select Widgets Inc. to give users in the Widgets_Inc group access to this record.
- Edit each record to grant privileges to the Logic Equipment and Modern Software groups also.
The work required to hide records is now complete.
A Widgets Inc. customer can now log in to your database and perform the following tasks:
- Edit existing defect records. The choice list shows only Widgets Inc.
- Run a query, chart, or report for the customer record type and see only the Widgets Inc. record.