Release 10.1A: OpenEdge Development:
Progress Dynamics Administration

Grant model

By default, in a grant model users have no access, unless you define specifically how they have access.

In a grant model, users gain access if you have granted them access to any of the groups to which they are linked. If you have granted access in more than one group, the users get the least restrictive access.

In applications where only a small part of the application is visible to the user, the grant security model reduces the effort in setting up security for a new user. Instead of revoking security rights to most of the options in the application, it will only be necessary to grant rights to a small part of the application.

Field security and action security have the potential to create huge numbers of records in the database if you use a grant strategy, as you will need to grant access to every single field and action in the system. To prevent field and action security from becoming unusable, Progress Dynamics only checks them if you have set the applicable security field or action in the database. For example, in the grant model, if you have not set security on a particular field in the database, all users will be able to access that field. As soon as you set up security for the field, you will have to grant access to all users who need to access it. The same rule applies to action security.

In a grant model, keep in mind that you might have to grant access to more than one object to allow a user to access certain functionality. For instance, for a menu item, the user needs access to the parent menu structure, the menu item itself, and the object that is launched by the menu item. If you do not grant access to all of these objects, the user will not have access to the menu item.

For an example of how the grant model relates to security groups, see the "Security groups and the grant security model" section.

Specifying a security model

Make sure to make all the design decisions necessary so that you have the right security model at the beginning of your development cycle.

To specify the security model for your application:
  1. If you are changing your existing security model, make a backup of your application database.

  2. From the Administration window, choose Security Security Control. The Security Control window appears, as shown:

  3. If you are changing your existing security model, choose the Clear Security Allocations button. An alert box appears, warning you about the implications of choosing this action.

  4. Choose Yes in the alert box.

  5. In the Security Allocation window, specify either Revoke or Grant as the model you want to use, then choose the Save button.

Copyright © 2005 Progress Software Corporation
 www.progress.com
Voice: (781) 280-4000
Fax: (781) 280-4095