If you choose the Security type in a transform process, you can specify which users and groups will be able to access data from the selected columns, the selected rows where the boolean column value is true, the rows where the field value matches a user credential, or the entire table.
The following table shows an example input, which is used for each of the following types: Column, Row, Row Credentials and Table.
Table 6.2. Shared input of Security Transform
Department | Employee | Salary |
---|---|---|
management | ABC | 12000 |
sales | DEF | 11000 |
sales | GHI | 8000 |
marketing | JK | 9000 |
marketing | LM | 10500 |
Users and groups should be created according to employee names and department names.
The Column type enables you to choose which users and groups will be allowed to access the values in the column. If you want to enable the management people to view salaries, create a Security Transform and click Next. The Secure a table, a column or rows window opens. Select the Column type, the Salary column and the management group.
Users of the management group are able to view the Salary column. The output is the same as Table 6.2, “Shared input of Security Transform”.
Users of the sales, marketing and other groups cannot view the Salary column. The following table shows the output:
Department | Employee | Salary |
---|---|---|
management | ABC | |
sales | DEF | |
sales | GHI | |
marketing | JK | |
marketing | LM | |
The Row type usually works with boolean columns, which you can build with any logic. Only authorized users and groups will be allowed to access the rows where the boolean column value is true. If you want to enable the sales people to view salaries of only their own department, use Compare Transform first to create a new boolean column "CanSee". Select the Department field and the Equal operation. Type CanSee as the New Field and type sales as the Value.
Create a Security Transform. In the Secure a table, a column or rows window, select the Row type, the CanSee boolean column, and the sales group.
Users of the sales group can view the salaries of only their department. The following table shows the output for the input in Table 6.2, “Shared input of Security Transform”:
Department | Employee | Salary |
---|---|---|
sales | DEF | 11000 |
sales | GHI | 8000 |
Users of the other groups cannot view any contents, unless you have made further settings.
The Row Credentials type compares the selected field values with user credentials. Only users and groups with a credential matching the field value will be able to access the row. If the field value is *, it matches any credential, and any user can access the row. If the field value is a blank string, it doesn't match any credential, and no one can access the row.
Users and groups will not be distinguished in the credential list. There may be both a user and a group with the same name, for example, "sales". Users with other names can also have the "sales" credential if they are a member of the sales group. Each field value can contain at most one credential. If the value is "Elixir Sales", then it doesn't match any credential.
If you want to enable the employees to view salaries of only their own department, create a Security Transform and open the Secure a table, a column or rows window. Select the Row Credentials type and the Department column. Click Finish.
Each employee will be able to view salaries of their own department. For example, employees of the marketing department will see the following output for the input in Table 6.2, “Shared input of Security Transform”:
Department | Employee | Salary |
---|---|---|
marketing | JK | 9000 |
marketing | LM | 10500 |
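The Row Credentials matching rules above can be modelled as follows. This is an added example, not code from the product: the function names, the exact (case-sensitive) comparison, the treatment of whitespace-only values as blank, and the two extra rows are assumptions made to exercise the wildcard and blank cases.

```python
# Constructed model of the Row Credentials rules described above.
# Not product code: names and exact-match comparison are assumptions.

ROWS = [  # Table 6.2, plus two constructed rows for the "*" and blank cases
    {"Department": "management", "Employee": "ABC", "Salary": 12000},
    {"Department": "sales", "Employee": "DEF", "Salary": 11000},
    {"Department": "sales", "Employee": "GHI", "Salary": 8000},
    {"Department": "marketing", "Employee": "JK", "Salary": 9000},
    {"Department": "marketing", "Employee": "LM", "Salary": 10500},
    {"Department": "*", "Employee": "notice", "Salary": 0},   # constructed
    {"Department": "", "Employee": "hidden", "Salary": 0},    # constructed
]


def credentials(user, groups):
    """User names and group names are not distinguished: one flat set."""
    return {user, *groups}


def row_visible(field_value, creds):
    """Apply the matching rules to one field value."""
    if field_value == "*":
        return True                 # wildcard: every user can access the row
    if field_value.strip() == "":
        return False                # blank: no one can access the row
    # The whole value is treated as a single credential, so "Elixir Sales"
    # is never split into "Elixir" and "Sales".
    return field_value in creds


def filter_rows(rows, field, creds):
    """Return only the rows the holder of `creds` may see."""
    return [r for r in rows if row_visible(r[field], creds)]


if __name__ == "__main__":
    jk = credentials("JK", ["marketing"])
    for row in filter_rows(ROWS, "Department", jk):
        print(row)
```

A blank value fails closed and * fails open, so it is worth checking the secured column for unintended * values before publishing the data source.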
The Table type enables you to specify which users and groups will be able to access the records in the entire table.
If you want to enable the management group to access the table, create a Security Transform and open the Secure a table, a column or rows window. Select the Table type and select the management group.
Users in the management group will see all the records in the table, as shown in Table 6.2, “Shared input of Security Transform”.
Users in other groups cannot see any contents, unless you have made further settings.