We are using complex security rules to determine whether an user is allowed to access a specific record. We started using xpath constraints on datagrids but these are very complex and need to be applied to a lot of datagrids, thus making maintenance very hard. Since we use an external reporting solution that applies the same security rules we want to centralize the security rules. The security data is available via a custom java action and can be used in Microflows to validate whether a user can access a record. However, we also want to use this information to restrict data presented in datagrids. XPATH however requires associations in the database. We did take a look at the solution presented on the forum, using a dataview which is populated by a microflow, and where the microflow sets dummy associations in the database, so these can be used in an xpath on a datagrid nested in the dataview. We are concerned about performance though and about associations that might remain in the database in cases where users disconnect sessions. What is the preferred approach? Create a custom datagrid widget (note that we do need regular datagrid functionality that allows the user to search and select a record and e.g. edit the contents or start a microflow)? Or is it e.g. possible to use java calls in XPATH?
It is always advised to set all important security rules using Entity Access. This is always checked on the server and can't be circumvented.
I'm not sure how you want to implement the data source dataview with dummy associations but this in and of itself shouldn't be too much of a performance problem. The java action (if external) would most likely be the heaviest, and I think that's the only real thing you always have to do.
Cleaning up the associations could be done using either a scheduled event or the Microflow Timer (keeping it alive whilst the user is on the form).
Robert van 't Hof
Thanks. I will do some tests.
Would it be possible to create a custom datagrid that would remove the need to create the temporary associations and use the java action data directly?