• A5_ADD_NEW_GROUP Function
• A5_ADD_NEW_USER Function
• A5_ASSIGN_USER_TO_GROUPS Function
• a5_audit_trail Function
• A5_CHANGE_PERMISSION Function
• A5_CHANGE_USER_PASSWORD Function
• A5_CHANGELOGGEDONUSER Function
• a5_changelogonpassword Function
• A5_Decrypt_Binary Function
• A5_Decrypt_String Function
• A5_DELETE_GROUP Function
• A5_DELETE_USER Function
• A5_Encrypt_Binary Function
• A5_Encrypt_String Function
• A5_GET_GROUP_ASSIGNMENTS Function
• A5_GET_GROUPS Function
• A5_GET_USER_ASSIGNMENTS Function
• A5_GET_USERS Function
• A5_GetAttemptedUser Function
• a5_getAuthTokensFromAuthTable Function
• a5_getTwoFactorAuthenticationSettings Function
• A5_GROUP_HAS_PERMISSION Function
• A5_HAS_PERMISSION Function
• a5_prompt_for_key Function
• A5_SEC_GET_GID Function
• a5_secencryptpwd Function
• A5_SecGroupHasPermission Function
• A5_Security_Option Function
• A5_SecurityEnabled Function
• a5_setTwoFactorAuthenticationSettings Function
• A5_USER_GROUPS_DIALOG Function
• A5_USERBELONGSTO Function
• a5Helper_getAuditInfoFromSQLStatement Function
• a5Helper_SQL_ApplySecurity Function
• a5Helper_writeToAuditingLog Function
• a5upsize_prompt_primarykey Function
• a5w_rulesave Function
• a5w_rulesenum Function
• a5w_rulesload Function
• a5wcb_googleAuthenticatorQRCode Function
• a5ws_add_oauthuser Function
• a5ws_cleanpagesecurity Function
• a5ws_getaltloginlistforcurrentuser Function
• a5ws_importusers Function
• a5ws_randompassword Function
• a5ws_refreshpasswordencryptionutility Function
• a5ws_reloadWebSecurity Function
• a5ws_saveuserswithdialog Function
• a5ws_validateuserswithdialog Function
• a5ws_verifysqldataconfig Function
• API_GETUSERS Function
• BP_BUTTON_PASSWORD Function
• DB_HAS_PASSWORD Function
• getsecurityintegritylevel Function
• rsa_hash Function
• security_enable Function
• security_enabled Function
• security_execution_level Function
• security_expression_set Function
• security_variables Function
• USER_GROUPS Function
• USER_NAME Function
• Web Security Functions

a5Helper_SQL_ApplySecurity Function

Syntax

Arguments

sqlCharacter

The SQL Statement to which security will be applied.

securityDefCharacter

A JSON object that defines the security settings and show/hide expression for selected columns in the SQL statement. Has the following properties:

columnCharacter

The column in the SQL statement. This must match the parsed SQL representation for the column. See example below.

securityCharacter

A comma delimited list of the security groups authorized to see this column.

showHideexpression

A logical expression that evaluates to true or false. Typically the expression will reference session variables.

loggedInGroupsCharacter

The security groups for the current user.

Description

Applies security to a SQL SELECT statement. Only applies if the SQL statement can be parsed.

Discussion

Applies security and server-side show/hide expressions to a SQL SELECT statement. Columns that the current user is not authorized to access will be removed from the SQL SELECT statement.

The SQL statement passed to this function must be parsable. If Alpha Anywhere cannot parse the statement (e.g. the SQL is a call to a stored procedure), the function returns the original SQL statement.

If a column does not have a security setting or server-side show/hide expression, it will be included in the SQL statement.

If a column has a defined security setting, the column will only be included in the SQL statement if the logged in user is a member of one of the security groups specified by the column's security settings.

If a column as a show/hide expression, the column will only be included in the SQL statement if the expression evaluates to a true result.

The column specify in the securityDef must match exactly how the SQL parser represents the column. For example, consider the following column expression

concatenate(customers.name , ', ', customers.contacttitle)

The meaning of this expression is unchanged if the expression is written as:

concatenate(     customers.name     , ', ',     customers.contacttitle   )

However, this is not how the expression is represented in the SQL parser. To get the correct representation of the expression, you can use the code below:

dim si as sql::Query::SelectItem
sql2 = "concatenate(   customers.name   , ', ',   customers.contacttitle)"
?si.Parse(sql2)
= .T.

?si.SQLStatement
= "concatenate(customers.name, ', ', customers.contacttitle)"

Example

sql = <<%str%
SELECT customers.CustomerID as cid, customers.CompanyName as compName, customers.ContactName, customers.ContactTitle, concatenate(customers.name,', ',customers.contacttitle) as exp1, orders.OrderID, orders.CustomerID AS CustomerID1, orders.EmployeeID, orders.OrderDate, orders.RequiredDate 
FROM customers customers
 INNER JOIN orders orders
 ON customers.CustomerID = orders.CustomerID
%str%
 
'define the
dim ss[0] as p
i = ss.append()
ss[i].column = "customers.ContactTitle"
ss[i].security = ""
ss[i].showHide = "session.var1 = \"alpha\""
 
i = ss.append()
ss[i].column = "concatenate(customers.name, ', ', customers.contacttitle)"
ss[i].security = "Sales,Marketing"
ss[i].showhide = ""
 
i = ss.append()
ss[i].column = "customers.CompanyName"
ss[i].security = "Administrator"
ss[i].showhide = ""
 
dim security as c
'Generate a JSON string
security = json_generate(ss)
 
dim loggedInGroups as c
loggedInGroups = Context.Security.GetUserRoles()

sql2 = a5Helper_SQL_ApplySecurity(sql,security,loggedInGroups)

See Also

• Context.Security