Security in Attributes and Variables

WorkWithPlus also provides the possibility to assign security to attributes and variables. There are two kind of attribute's security:

  • Show/Hide Security : will allow the administrator of the application to configure to which roles this attribute will be visible. If some user do not have permission to visualize it, the attribute will be hidden automatically in all the WebForms where it appears (Transaction, Selections and ExtraSelections including ColumnsSelector, View, Prompt and in the WebPanels created using templates)
  • Edit/ReadOnly Security : will allow the administrator of the application to configure to which roles the attributes that have this security enabled will be editable or read only.

Each attribute will have these properties in their definition. So, you will be able to define for every attribute which security will have enabled (it can be one of them, both or none).

For the case of the variables, the type of security that is available is Show/Hide Security and will allow the administrator of the application to configure to which roles this variable will be visible. If some user do not have permission to visualize it, the variable will be hidden automatically.

It is important to have in mind that every time that we change some 'Security Functionality Key' (in this case enabling Security to some attribute) and we want to impact these changes in the application at runtime, we have to follow the steps of the section Update Security Functionalities of Advanced Security or GAM (depending on the Security that we have enabled):

Then, at runtime, the administrator will configure the security of the attributes for each role, in the same way that he configures the whole application security (security for objects, modes of a transaction, etc).

IMPORTANT: WorkWithPlus uses 'Enable' and 'Visible' GeneXus commands in order to implement security for attributes. There is an issue of GeneXus with this commands in which an expert user could inspect the HTML of the application at runtime (for example, in Internet Explorer pressing F12) and violate this security.