Setting security for temporary tables without modifying the application

[em#]

Hi!

Temporary tables are not shown in the security tree for assigning permissions, so it's not possible to enable them for users.
In order to make possible to set permissions to a temporary table I modified the SysDictTable class.

boolean allowSecuritySetup()
{
if (//this.isTmp()|| //Temporarily commented in order to show Temp tables in the Tree

this.isMap() ||
this.isView() ||
!this.securityKeyId() || //If not, the table rights cannot be calculated if the user is a member of >1 group
(this.configurationKeyId() && !isConfigurationkeyEnabled(this.configurationKeyId())))
return false;
return true;
}

My question is if there is a way to enable permissions for Temp tables without modifying the application.

Thank you.

[gl00mie]

Цитата:

Сообщение от em#

My question is if there is a way to enable permissions for Temp tables without modifying the application.

What's the purpose of setting permissions on temporary tables? They're always populated by code, and the originating data is usually taken from "real" tables or somehow produced by the code, so you can always perform an access validation in your code:

X++:

if (isTableUserEnabled( tablenum(CustTable) ))
{
    // populate temp table
}
else
{
    throw error( "@SYS60037" ); // Access denied
}

Besides, you never know where this or that temp table can be used. If an arbitrary temp table has a suitable set of fields then it's sometimes preferable to use it in your custom form/report then to create a new temp table. E.g. lots of standard reports in the localization for Eastern Europe use just a couple of temporary tables - both in Accounts Payable and Accounts Receivable modules. Obviously in this case it's more flexible and robust to validate access by security keys on menu items.

[Ivanhoe]

You can set access for security key, all tmp-tables attached to that security key will automatically gain the same access level.

[oip]

I can't even imagine why you need to make temp tables inaccessible for users. Could you please explain this to us? It's very interesting. As gl00mie said, temp tables are always used by programmers only to collect data (say from real tables and in this case it's correctly to set permissions to that real tables or to a menuItem that executes an operation filling your temp table). From this point of view temp tables are very similar to maps, arrays, recordSortedLists or even containers etc. So again, it's only a way to collect data.

[em#]

Thanks All for the reply.

The table we want to allow permissions - tmpInventTransWMS - has a Security key on SYS layer.

The error below can be reproduced in Purchase orders screen, by selecting a purchase line, click Inventory button-> Registration.

“Not enough rights to use table 'Registration/picking' (TmpInventTransWMS).”

So, what security setup needs to be done for a particular user group to avoid this error? If temp tables have Security keys on SYS layer it is possible that there’s a way to manage them?

We can enable access to the temp table by setting access for the Security key the table is attached (in particularly for InventTables key), but it will enable some extra permissions to the user group.

Once again, thanks for help.

[gl00mie]

Цитата:

Сообщение от em#

The table we want to allow permissions - tmpInventTransWMS - has a Security key on SYS layer. So, what security setup needs to be done for a particular user group to avoid this error? If temp tables have Security keys on SYS layer it is possible that there’s a way to manage them?

You can modify the table and clear its SecurityKey property. Or as you've mentioned you can enable access to the corresponding SecurityKey and disable access to other affected "persistent" tables on a per-table basis.

Цитата:

Сообщение от em#

We can enable access to the temp table by setting access for the Security key the table is attached (in particularly for InventTables key), but it will enable some extra permissions to the user group.

Build CrossReferencies and look where a particular security key is used. As to the InventTables key, it seems that the only extra permission it gives (that cannot be disabled) is access to some other temporary tables from Invent and WMS modules. Also note that if a table has a ConfigKey attached and that ConfigKey is disabled then the table also becomes temporary despite its Temporary property value.

PS. Here's a sample job to find other temporary tables with SecurityKey set

X++:

Dictionary      dict = new Dictionary();
DictTable       dictTbl;
Counter         n;
;
for (n = 1; n <= dict.tableCnt(); n++)
{
    dictTbl = new DictTable( dict.tableCnt2Id( n ) );
    if (dictTbl && dictTbl.isTmp() && dictTbl.securityKeyId())
    {
        if (dictTbl.configurationKeyId() && !isConfigurationKeyEnabled( dictTbl.configurationKeyId() ))
            continue;                       // table is temporarty 'coz the corresponding configKey is disabled
        info( strfmt( @"Temporary table %1 has securityKey: %2", dictTbl.name(), securitykeyid2name( dictTbl.securityKeyId() ) ) );
    }
}

[oip]

Цитата:

Сообщение от em#

So, what security setup needs to be done for a particular user group to avoid this error?

Invent -> InventTables. I mean InventTables "group" itself without tables included in this group. The only table which securityKey has to be set to open InventTransRegister form is InventTrans. All other tables may be "turned off". And this will be a correct setup.

[em#]

I set view rights to InventTables node, without tables and full access control to InventTrans table. The Registration form can be opened now.

Thank you all for the help.

[oip]

Yes, when you make your security setup since it's a temporary table it isn't shown in the list of tables in the "tables node" . So in order to get access to your temp table it is enough to set any rights to the node InventTables.

PS If any of the answers above helped you we have a button "Thanks" just below every post. Welcome to AxForum!