E9.1 Secure all but a couple fields in a form

[ecarverHT]

Long time reader, first time poster, please let me know if more detail is required!

I am currently working with our Inventory Control team to cleanup unauthorized change access to several important Inventory Data forms and I'm having challenges implementing security in an effective way based on their requests. Example scenario for W4101A is as follows:

Only INVCTL role should have full access to W4101A. The idea was originally to secure W4101A at *PUBLIC and grant explicit access to INVCTL at the role level. However, several other areas own the data in certain columns shown in W4101A. Let's use Planner/Buyer Number (alias ALKY) as an example since our PURPLAN team will need to be able to update that.

If W4101A Action is secured at *PUBLIC, would adding Column security for ALKY allow PURPLAN to Change/Save on W4101A? Or is the only way to achieve this limited change access to W4101A to add Action security for PURPLAN and then Column security for all OTHER fields?

Thanks in advance for any help!

 

[markdcci]

Hello,
"...add Action security for PURPLAN and then Column security for all OTHER fields" should achieve your goal. It's a bit cumbersome to set up but I have done it. If you don't give a role action security there is no way they can change the data, even in columns for which they have access.

Is it the only way? Probably not, but one I've used a lot. Not sure what tools release you are on but you might want to also explore using the Form Extensions UDO if you have it. It seems to be a little easier to remove columns and should allow re-arranging the screen to possibly make it cleaner. Not sure how foolproof it is in terms of preventing update of other columns but you might want to at least take a look.

 

[ecarverHT]

If you don't give a role action security there is no way they can change the data, even in columns for which they have access.

Yeah that's what I figured and also what I was afraid of. Oh well. Thanks for the answer!

As for the tools release, I'll have to check with our CNC what UDO we have available. Thanks again!

 

[BPConnor]

the security you put in place will depend in part on what your settings are at *PUBLIC for application and Action. IF they are both set to deny access, then there is no need to further restrict W4101A at *PUBLIC as the *ALL setting covers it. Grant full access to W4101A in INVCTL You can use TAB security to restrict an entire tab of the form and then Column security for a tab where only a few items should be editable. You can restrict the tab/column at *Public and then grant back for INVCTL and PURPLAN and others as needed or apply the restrictions within the roles.