(Show Contents)
Application-Level Virtual Private ARCHIBUS
The Virtual Private ARCHIBUS (VPA) restriction is an SQL restriction attached to the current user session. VPA is a part of the ARCHIBUS data security. It enables you to specify which raw (non-aggregated) data the user is allowed to see in forms, grids, charts, and other standard panels.
- It contains metadata, describing to which tables and/or fields it is applicable.
- It is defined on a per-role
or per-user basis and is initialized and added to each user’s profile on login.
- It is established when the
user signs in to the database and remains for the duration of the session.
- It applies to the Select
Values dialog as well as to the view.
- It can be set globally on
all similar tables or fields with a single statement.
- It cannot be cleared by the user.
The ARCHIBUS programs:
- always apply the VPA when displaying raw data in forms, grids, charts, and other standard panels.
- do not apply the VPA when saving data from forms.
- always apply the VPA when outputting raw data to paginated reports, Excel, or PDF.
- always apply the VPA when outputting raw data using Data Transfer Out.
- do not apply the VPA when importing raw data using Data Transfer In.
- do not apply the VPA to the process of calculating aggregated data.
Note: VPA applies
to the data retrieved by the program, but not to the calculations or actions.
For instance, if a staff member runs the recalculate chargeback task,
it recalculates for all data.
Note: If
more than one VPA restriction is specified, the restrictions will be joined
with an "AND".
ARCHIBUS uses
two types of VPA restrictions:
See Also
Add-in Manager/Business Logic Extensions/DataSource Programming/Additional Programming Aspects/Customizing Business Logic and VPA Restrictions
You may wish to review the hierarchical
security topic to see how to restrict access to individual views for
different staff members.