Edit/ReadOnly Security for attributes is useful when you have some attributes that can be editable just by some group of users (grouped in one or more roles). So, you will enable this kind of security for each attribute needed (you could do it for all the attributes also).
In order to enable Edit/ReadOnly Security to some attribute in particular, you have to set the property 'Enable Edit/ReadOnly' of the attribute's definition to True.
You can visualize below an example of the property for 'PersonLastName' attribute:
After you enable the Edit/ReadOnly Security, the property 'Edit/ReadOnly Security Functionality Key' appears. This property will set the name of the permission that the attribute will have for defining whether that attribute will be editable for some role (the default values for both properties are taken from WorkWithPlus Configuration -> Security (Advanced Security or GAM ).So, if you want to enable Edit/ReadOnly Security to all the attributes of your application, you should change the property 'Default Enable Edit/ReadOnly Security' from WorkWithPlus Configuration -> Security (Advanced Security or GAM) to True.
It is important to have in mind that every time that we change some 'Security Functionality Key' and we want to impact these changes in the application at runtime, we have to follow the steps of the section Update Security Functionalities of Advanced Security or GAM (depending on the Security that we have enabled):
Then, after following the steps above and making build all, you can visualize the changes at runtime (the security for attributes using Advanced Security or GAM is the same from developers point of view, the only difference is that they use different objects in order to configure the permissions of each role).
John with role 'New Role' logs in to the application, and he doesn't have permission to edit PersonLastName, so it will be shown as read-only in Person transaction:
Now the administrator logs in to the application and gives permission to 'New Role' role to edit PersonLastName attribute:
John logs in to the application, and goes to edit some Person:
The example for Edit/ReadOnly attributes using advanced security is the same, the only thing that changes is the objects in order to configure the permissions of each role.
|