PANTHEON™ Help

 Toc
 PANTHEON Help - Welcome
[Collapse]PANTHEON
 [Collapse]Guides for PANTHEON
  [Expand]Guide for PANTHEON
  [Expand]Guide for PANTHEON Retail
  [Expand]Guide for PANTHEON Vet
  [Expand]Guide for PANTHEON Farming
 [Collapse]User Manuals for PANTHEON
  [Collapse]User Manual for PANTHEON
   [Collapse]Getting Started
     Dictionary of terms
     First steps with PANTHEON
    [Expand]Using PANTHEON at Tecta, a fictional company
    [Expand]Instructions for Ensuring Compliance of PANTHEON with SAS
    [Expand]PANTHEON Installation
    [Expand]PANTHEON System
    [Expand]PANTHEON Basics
    [Expand]PANTHEON Help
    [Expand]Materials and Goods Movements
    [Expand]Assigning Identifiers
    [Expand]Frequently asked questions about Pantheon (F.A.Q.)
    [Collapse]Archive
     [Expand]PANTHEON Editions
      Installing PANTHEON on Linux and Oracle Database
     [Expand]eDocumentation
     [Expand]eInvoice
     [Expand]Workflow
     [Expand]Backup
     [Collapse]Get.start
      [Expand]Duplicates
       Windows 7
       SQL Server
      [Expand]ODBC
       SQL Server Agent
       Windows Vista
       Slabšanje performans MS-SQL strežnika
      [Collapse]Row Level Security
        How RLS works in practice
        Upgrade
        Database
        Code changes
        Troubleshooting
        ARES - RLS Compatibility Mode
        RLS Questions and Answers
       MS SQL Server Installation
      [Expand]Task Scheduling
       PANTHEON System Environment
      [Expand]Hardware
       Installation types on different network configurations
      [Expand]Datalab Utilities
       Installation
       On-premises installation
       PANTHEON Cloud installation
       Ordering and setting eBusiness services
       One-user installation of PANTHEON Cloud
       Network installation of PANTHEN Cloud
       PANTHEON Client Setup Wizard
     [Expand]To-do
     [Expand]End-User License Agreement
      Introductory word
     [Expand]Referential integrity (RI)
      eExchange
      SMS notifications
   [Expand]User Manual for eBusiness
   [Expand]Settings
   [Expand]Orders
   [Expand]Goods
   [Expand]Manufacturing
   [Expand]Service
   [Expand]Help
   [Expand]Personnel
   [Expand]Financials
   [Expand]Analytics
  [Expand]User Manual for PANTHEON Retail
  [Expand]User manual for PANTHEON Vet
  [Expand]User Manual for PANTHEON Farming
[Collapse]PANTHEON Web
 [Collapse]Guides for PANTHEON Web
  [Expand]Guide for PANTHEON Web Light
  [Expand]Guide for PANTHEON Web Terminal
  [Expand]Guide for PANTHEON Web Legal
  [Expand]Old products Archive
 [Collapse]User Manuals for PANTHEON Web
  [Expand]Getting started PANTHEON Web
  [Expand]User Manual for PANTHEON Web Light
  [Expand]User Manual for PANTHEON Web Terminal
  [Expand]User Manual for PANTHEON Web Legal
  [Expand]Old products Archive
[Collapse]PANTHEON Granules
 [Collapse]Guides for PANTHEON Granules
  [Expand]Personnel Granule
  [Expand]Travel Orders Granule
  [Expand]Documents and Tasks Granule
  [Expand]Dashboard Granule
  [Expand]B2B Orders Granule
  [Expand]Field Service Granule
  [Expand]Fixed Assets Inventory Granule
  [Expand]Warehouse Inventory Granule
 [Collapse]User Manuals for PANTHEON Granules
  [Expand]Getting started
  [Expand]Personnel Granule
  [Expand]Travel Orders Granule
  [Expand]Documents and Tasks Granule
  [Expand]B2B Orders Granule
  [Expand]Dashboard Granule
  [Expand]Field Service Granule
  [Expand]Fixed Assets Inventory Granule
  [Expand]Warehouse Inventory Granule
  [Expand]Archive
[Expand]User Site

Load Time: 390.6251 ms
"
   1000002259 | 221882 | 373970 | Updated
Label

Code changes

              

 

  1. Modify SQL Objects
  2. ARES
  3. Code changes – Sample 1
  4. Code changes – Sample 2

 

1. Modify SQL Objects

SQL: Add WITH EXECUTE AS 'RLS_ALL'

Queries that need access to all data regardless user authorizations should be moved to SQL objects (stored procedures, functions, ..) and executed with impersonation AS USER 'RLS_ALL'

a) Sample: Find last acKey in tHE_Move:
When inserting records, new ackey is needed to insert a document.
User who is inserting the record does not have authorization on all the documents for certain document type as authorizations depend on department, warehouse and / or any other authorization, thus it is needed to execute such SQL without authorization restrictions.

please check stored procedure pHE_MoveGetNewKey

Note: WITH EXECUTE AS 'RLS_ALL' can be used in Views, triggers, functions (except inline table valued functions)

 

b) Check also:
gPA_SetDoctype_security
pMN_DocumentNewKey

Find RLS_ALL impersonated objects:
select SO.*, OBJECT_DEFINITION(SO.object_id)

from sys.objects SO

where OBJECT_DEFINITION(SO.object_id) like  '%RLS_ALL%'

 

2. ARES

a) Modify PL / SQL scripts
To impersonate complete PLS /SQL script use EXECUTE AS USER = 'RLS_ALL'.

Check sample on Dev Site.

000001.gif Same code is generated when using Dataset property
000001.gif Use prepared methods to achieve this functionalities.


Check ARES Compatibility mode

 

b) ARES and SQL: Remove joins to t%Security tables in SQL and PL/SQL code
Check vHE_Move changes

Joins to t%UserSecurity tables need to be removed. RLS cross applies t%UserSecurity tables as specified with security policy and RLS function for each table. For detailed information please check RLS Architecture.

3. Code changes – Sample 1:

 

Objects that need access without permissions need to be modified by adding:

with execute as 'RLS_ALL'

 

4. Code changes – Sample 2:

 

create procedure [dbo].[pHE_MoveGetNewKey]

   @cPoslDog   varchar(04),

   @dDatum     DATETIME,

   @cKljuc     varchar(13) = '' OUTPUT

WITH EXECUTE AS 'RLS_ALL'

 

Related topics:

  Row Level Security

  How RLS works in practice

  Upgrade

  Database

  Troubleshooting

 

 


 

Rate this topic
Was this topic usefull?
Comments
Comment will also bo visible in forum!