close

主要:

Primary Table

A primary table is any table that will be used to restrict data in the constrained table. It is the table that is specified in the policy query.

Constrained Table

A constrained table is a table on which data filtering is applied. It can be a primary table or a table that is related to the primary table.

Policy Query

Policy query helps to secure data in the constrained table defined in the XDS. It is used to fetch data from the primary table, which is then used to restrict data in the constrained table.

Context

Context is the most import part of XDS without which security policy will not be applied. It defines the context on which security policy will be applied. It can have three possible values:
  1. ContextString: Defines a specific application context on which security policy will be enabled. It is also called an application context.
  2. RoleName: Defines that the security policy will only be applied to a particular Role in the application.
  3. RoleProperty: Used to define multiple Roles for a single security policy.

 

how would we set that up?

  1. The first thing to do is to determine your Constraint and Primary tables, in this case the CustTable table is our constraint table and the CustGroup table is our primary table.
  2. Next we create the policy query around our CustGroup, we want this query to return the results that we want to restrict the constraint table with
    • Create a new Query, set the data source of the query to the primary table and then perform any filtering or other joins that need to be done for this query to return the results you want to filter by
    • In our case we are limiting the user to only be able to see customers that have a CustGroup of ’10’ and Name of ‘Major Customers’
  3. Now we can create our Security Policy, we set the following parameters
    • Constrained Table to Yes
    • Primary Table to CustGroup
    • Query to the name of the query we created in step 2
    • If we want this to be applied to a specific role we can set this in the Role Name field, if you leave this blank it gets applied across all roles in your environment
  4. We then add a constrained table to the policy, in our case CustTable and set the following parameters
    • Name field is the constrained table, CustTable
    • Table Relation is the primary table, CustGroup
  5. Now if we build the solution and do a database sync of our project our XDS policy becomes live, to show what this does I did a before and after using a user assigned the FpTestRole to show the affect of the XDS policy

User access without XDS policy applied

User access after applying XDS policy

 

arrow
arrow
    文章標籤
    Extensible Data Security D365
    全站熱搜

    lionlionchopper 發表在 痞客邦 留言(0) 人氣()

    E-mail轉寄