Module prt - Privileges Management
The module prt (protection interface) provides the general functions to manage privileges for records and objects in DataView.
In DataView each record is marked with a privilege ID according to the scheme »OWNER-GROUP-WORLD«. DataView always checks the existing privileges in all functions that change data of an element. The access protection of elements is checked as follows:
- If the current user is the owner of the element, DataView evaluates the owner privilege.
- If the current user is a member of the owner group of the element, DataView evaluates the group privilege. In this case the user gets at most the maximum access you defined for that user during group assignment.
- If the current user is neither the owner nor a member of the owner group of the element, DataView evaluates the WORLD privilege.
- The delete privilege includes all other privileges, while the write privilege includes the read privilege.
- Users with manager privileges have access to all elements with the exception of the system entries or protected application entries.
If you manipulate records in userexits, you have to check the access rights explicitly. Knowledge of the current group and user data is not required. You only have to call the general standard function dal_prt_chk_acc. It can be applied both to element entries representing entities and relations (access checked for the complete object) and to elements representing records (access checked for the individual record).
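The evaluation order described above, as an added model in C; it is not DataView code and does not call dal_prt_chk_acc, whose signature this page does not show. All type and function names are hypothetical. Assumptions: group membership is modelled as the current group assignment matching the record's owner group, and a manager on a system or protected entry is evaluated like any other user.

```c
#include <stdbool.h>
#include <stdio.h>

/* Ordered so that a higher level includes every lower one:
   DELETE includes WRITE and READ, WRITE includes READ. */
typedef enum { ACC_NONE = 0, ACC_READ, ACC_WRITE, ACC_DELETE } acc_t;

/* Hypothetical record protection: one level per class of the scheme. */
typedef struct {
    int owner_uic, owner_gic;
    acc_t owner, group, world;
    bool protected_entry;   /* system or protected application entry */
} rec_prot_t;

/* Hypothetical session: current user in the current group assignment. */
typedef struct {
    int uic, gic;
    acc_t group_max;        /* maximum access set during group assignment */
    bool manager;
} session_t;

/* Level the record grants to this session, first matching class wins. */
acc_t effective_access(const rec_prot_t *r, const session_t *s)
{
    /* Assumption: on protected entries a manager gets no special treatment. */
    if (s->manager && !r->protected_entry)
        return ACC_DELETE;                  /* manager: full access */
    if (s->uic == r->owner_uic)
        return r->owner;                    /* OWNER class */
    if (s->gic == r->owner_gic)             /* GROUP class, capped per user */
        return r->group < s->group_max ? r->group : s->group_max;
    return r->world;                        /* WORLD class */
}

/* Nonzero if the requested level is covered by the effective level. */
int check_access(const rec_prot_t *r, const session_t *s, acc_t wanted)
{
    return effective_access(r, s) >= wanted;
}

int main(void)
{
    /* Constructed sample: owner may delete, group may write, world may read. */
    rec_prot_t rec = { 100, 7, ACC_DELETE, ACC_WRITE, ACC_READ, false };
    session_t member = { 200, 7, ACC_READ, false };  /* capped to read */
    printf("member write: %d\n", check_access(&rec, &member, ACC_WRITE));
    printf("member read:  %d\n", check_access(&rec, &member, ACC_READ));
    return 0;
}
```

The group member in the sample is refused write access although the record's group privilege allows it, because the cap from the group assignment is lower.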
Important functions
- dal_prt_chk_acc: Checks the access privileges to a record for the current user in the current group assignment.
- dal_prt_chk_own: Checks whether the current user is the owner of a record.
- dal_prt_ret_usr, dal_prt_ret_uic: Returns the name or the identification code of the current user (UIC).
- dal_prt_ret_grp, dal_prt_ret_gic: Returns the name or the identification code of the current group (GIC).