Object Security

The advanced security model within KommerceServer supports user-defined roles and the ability to secure applications by page, by page module, and by data scope at the following two levels:

  • Row Level (i.e. record level) can limit data access based on progressive data relationships:
      1. No Rows
      2. Rows related to Myself
      3. Rows related to My Business Unit
      4. Rows related to My Company
      5. Rows related to My Company and Affiliates
      6. Rows related to Companies I Represent (Sales Rep)
      7. All Rows
  • Column Level (i.e. Field Level) can limit access to specific data within the returned rows/records as follows:
      1. Allow READ & WRITE
      2. READ Only
      3. No Access (Redacted)

KommerceServer encapsulates data tables as business objects, so data scope is defined through object security. Pages in KommerceServer know which business objects they use and therefore determine who has access to the page from the object security of those objects. When a page is loaded, KommerceServer dynamically enables or disables the controls on the page based on the user's security permissions. For example, a page designed to modify an object may hide the Save and Delete buttons and disable editing of the fields if the user has only read access to the underlying business object. Where a page would ultimately be rendered read-only for a user, it may be more appropriate to deny access to the page altogether; KommerceServer provides an override for this case.

Businesses, Contacts, and Users

Within the KommerceServer SQL database are key objects involved in implementing the security model. First there are business entities (typically customers) that have one or more contacts associated with them. Each contact who has access to the website will have a user account defined. The user account will have one or more user roles which determine what the user can see and do on the website.

CRUD & Row-Level Security

Create, Retrieve, Update and Delete (CRUD) refers to the four major functions implemented in database applications. The CRUD functions serve as the user interface to the database: they allow users to create, view, modify and delete data. CRUD enables users to work on and manipulate entities in the KommerceServer database.

Row-Level Security enables you to control access to rows in a database table based on the characteristics of the user executing the query, and so to restrict which data rows a user can reach. For example, you can use Row-Level Security to ensure that certain KommerceServer users can only access the data rows that are pertinent to their user role.

Column-Level Security

Column-Level Security enables you to grant SELECT and UPDATE privileges to users for specific table columns. Users can retrieve and update data only in the columns that your object security settings authorize. KommerceServer's Column-Level Security therefore lets you restrict access to specific columns within a database table.
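The following added example (not KommerceServer code) models the seven progressive row scopes and the three column settings listed under Object Security, and shows the row-level and column-level filtering described in the two sections above being applied together. The user, role and order records are constructed for illustration; the `page_read_only` helper mirrors the page's note that a page may be rendered read-only (or denied) when the user lacks write access.

```python
from dataclasses import dataclass, field
from enum import IntEnum
# The seven progressive row-level scopes and the three column-level settings, in the page's order.
RowScope = IntEnum("RowScope", "NONE MYSELF BUSINESS_UNIT COMPANY COMPANY_AND_AFFILIATES REPRESENTED ALL", start=0)
ColumnAccess = IntEnum("ColumnAccess", "REDACTED READ_ONLY READ_WRITE", start=0)

@dataclass
class User:
    user_id: str
    business_unit: str
    company: str
    affiliates: frozenset = frozenset()   # companies affiliated with the user's company
    represented: frozenset = frozenset()  # companies the user represents as a sales rep

@dataclass
class Role:
    row_scope: RowScope
    columns: dict = field(default_factory=dict)  # column -> ColumnAccess; absent means REDACTED

def row_visible(user, role, row):
    """Scope N grants every relationship the scopes below it grant (progressive)."""
    if role.row_scope == RowScope.ALL:
        return True
    relationships = [  # index i is the relationship that RowScope(i + 1) adds
        row["owner_user"] == user.user_id,
        row["business_unit"] == user.business_unit,
        row["company"] == user.company,
        row["company"] in user.affiliates,
        row["company"] in user.represented,
    ]
    return any(relationships[:role.row_scope])  # NONE -> empty slice -> False

def secure_rows(user, role, rows):
    """Apply the row scope, then drop REDACTED columns from the rows that remain."""
    def readable(col):
        return role.columns.get(col, ColumnAccess.REDACTED) != ColumnAccess.REDACTED
    return [{c: v for c, v in row.items() if readable(c)}
            for row in rows if row_visible(user, role, row)]

def page_read_only(role, editable_columns):
    """True when no column the page edits is READ_WRITE: hide Save/Delete, or deny the page."""
    return not any(role.columns.get(c) == ColumnAccess.READ_WRITE for c in editable_columns)
# Constructed sample data (hypothetical; not taken from KommerceServer)
ORDERS = [
    {"order_id": 1, "owner_user": "alice", "business_unit": "east", "company": "acme", "total": 100, "cost": 60},
    {"order_id": 2, "owner_user": "bob", "business_unit": "east", "company": "acme", "total": 200, "cost": 150},
    {"order_id": 3, "owner_user": "carol", "business_unit": "west", "company": "globex", "total": 50, "cost": 20},
    {"order_id": 4, "owner_user": "dave", "business_unit": "north", "company": "initech", "total": 75, "cost": 30},
]
ALICE = User("alice", "east", "acme", affiliates=frozenset({"globex"}))
```

Calling `secure_rows(ALICE, Role(RowScope.BUSINESS_UNIT, {"order_id": ColumnAccess.READ_ONLY, "total": ColumnAccess.READ_WRITE}), ORDERS)` returns only orders 1 and 2, each reduced to `order_id` and `total`, with `cost` redacted because the role never grants it.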

Super/Sub-Domains

Super domains refer to the main KommerceServer database tables while sub-domains refer to the child/grandchild/etc. database tables in KommerceServer.