In my last post I described the use of the SysQueryRangeUtil framework to filter forms and reports using dynamic values. In this post, I wanted to take this a step further and explain how using this framework in combination with record level security policies is a powerful combination.
As an example, say that a company wants to prevent purchasing users from viewing POs that do not belong to their site.
This is a fairly simple process:
Add a static method to the SysQueryRangeUtil class to calculate the user’s site
There’s a field on the Employee table (EmplTable) called Default Site (ReqSiteId) which is used for defaulting a site onto requisitions created by the user. This is also a good place to define the site that each employee belongs to. Now if we look at SysQueryRangeUtil.currentEmployeeId(), we find that the current employee ID is obtained through a single line of code.
By creating a new method called “currentEmployeeSite()” and slightly modifying the code used above, we can obtain the employee’s site.
Add a record level security policy to the purchasing security group
- Go to the Record Level Security form under Administration –> Setup –> Security and add a new policy
- Select the User Group the policy should apply to and click Next
- On the Tables page, select the Show All Tables radio button, expand Accounts Payable and check Purchase Orders
- Click Next and the Finish
- On the Record Level Security form, select the newly created record and click on the Query button
- Add a line to the Range grid as shown in the picture below
Test
Login as a user assigned to the user group with the new record level security policy. You should only see purchase orders tied to the Default Site in the user’s employee profile.This same approach can be used directly an RLS policy for the Inventory Dimension table, which will filter data on ALL forms that join to the InventDim table.
No comments:
Post a Comment