 |
What type of permission can Visual Guard
manage?
How Visual Guard PowerBuilder does defines permissions? |
Permissions define what a user can do in an application:
Basically, you define what the user is allowed to see, do and modify
in your applications based on his profile.
Specific words are used to define permissions: authorization, Rights,
Restrictions, Privileges…
There are two ways of defining permissions:
 The most
secure way is to forbid everything by default, and then grant permissions
to allow possibilities.
This way, if you forget to define a permission, the user won’t
be able to do something he should, rather than accidentally do something
he shouldn’t.
The faster
way is to allow everything by default, and then you assign restrictions
to forbid some actions.
This way is faster because typically there are fewer restrictions
than permissions.
But as a result you usually end up with a role based access solution
that is complex, costly to maintain and difficult to update.
The need:
By default, an application includes code that defines the permissions
to run it. But this means that each time you define a permission,
you need to go through the entire development process again (specification,
coding, testing, deployment, etc).
This is a sharp issue because:
Applications
typically are updated only every 2 or 3 months, whereas permissions
can require much more frequent updates.
Bridging
the gap between the functional requirements and permission’s
technical implications can be very time consuming.
Complex
permissions are often identified only when the application is in
production, requiring an immediate fix.
The solution: Modify dynamically your applications
With Visual Guard PowerBuilder, you do not write code in the application
to define permissions. Your code is dynamically modified in runtime.
You can
create or modify permissions without going through the entire development
cycle of coding, testing, deploying, waiting for feedback…
You can
define permissions any time, even when the application is in production.
They are effective immediately.
What types of permission can Visual Guard manage?
There is no limitation on what permission you can implement with
Visual Guard. Any change you want to make in your PowerBuilder application
and any restriction are possible.
For instance, you can:
Hide or
disable fields, menu options, tabs, controls…
Switch
a Window into “read only”
Filter
data in a list
Modify
business rules…
How
Visual Guard PowerBuilder does defines permissions
Visual Guard can list all the objects and their properties. The
developer uses the Developer Workshop to identify the object related
to the permission and assign a new value to one of its properties
(like “visible” = “false” if you want to
hide a control). This permission definition is then stored in the
Visual Guard repository. The application code remains unchanged.
Visual Guard modifies the application at runtime according to this
permission.
|
