This example of how to hide records is for a company with three customers: Logic Equipment, Widgets Inc., and Modern Software. You want to control records of the Defect record type so that your customers can access your production database to perform these tasks:
When Modern Software customers log in to the database, they must not see defects filed by Widgets Inc., Logic Equipment, or your own team. When a Modern Software customer creates a query in the Rational® ClearQuest® Client, the only information in the result set is related to the defects submitted by other Modern Software customers.
This example describes the following procedures:
These procedures require various user access permissions. You must have the super user privilege to complete the procedures listed in this example.
This example uses a schema based on the predefined DefectTracking schema, which contains Defect and Customer record types. This example assumes that the schema is checked out.
To control access to defect records, you create a security context field in a Defect record type that references the Customer record. You create the field in the Record Fields grid, add the field to the record form, and apply the schema changes.
A Security Context field must be a Reference field type. You can add more than one security context field. If you do, you must be a member of at least one of the groups that can see records of that type.
To create a Security Context field in the Defect record type:
When you select the Customer record type from the Reference To list, the Security Context check box is selected.
A page named Ratl_Security is added to the Submit and default forms of the security context (Customer) record type. You use this page in the Rational ClearQuest Client to select the groups that can view the record. (You can change the name of the Ratl_Security page. See Changing form page (tab) names.)
As an example of adding more than one security context field to a record type, you might add a security context field that references the Customer record type and another security context field that references the Quality_Assurance record type. If you add customers to the Customer record type and members of your Quality Assurance group to the Quality_Assurance record, users in any of the group lists for those record types have access to the records under security control.
You might want to include a hook to populate the field, based on the user who logs in. This practice ensures that the field contains a valid value. You might also consider preventing users from performing certain actions. For example, you might allow only internal users to close a defect, and prevent your customers from deleting records. For more information, see Using other Rational ClearQuest security features.
After creating the customer_defects field, you must add it to the Defect record form.
To add the new customer_defects field to the Defect record form:
After adding a new field, you must check in the schema and apply the schema changes to the user database. After you perform these steps, these changes cannot be reversed. For more information, see Customizing a schema.
You create the groups to be associated with the Customer security context record, add users to the groups, and update the user database with the new user information. For this example, you create user groups for Widgets Inc., Modern Software, and Logic Equipment, and then add users to these groups.
In your own security system, you can also use existing groups. You might want to create additional groups, such as a group that can view all records submitted by internal users, a group that can view all records submitted by all companies, or a group that can view all records, regardless of who submitted them.
For information about creating groups, see Creating a new user group and Adding users to a group.
You submit a Customer record for each company that you want to provide access to your database: Widgets Inc., Modern Software, and Logic Equipment.
To submit the security context records:
You can also create groups that can view all records. If you create a group that can view all records, add this group to each customer record.
Next you must associate specific groups with each security context record. In this example, you select the user groups to associate with the customer records submitted for Widgets Inc., Logic Equipment, and Modern Software. These groups contain the users to whom you want to grant privileges to view and change records.
To associate the groups with the Customer records:
Next, you edit each defect record that you want customers to access, assigning a customer to the customer_defects field. This step assigns the value of the security context record to the security context field, which gives the Logic, Widgets, and Modern groups access to the record.
In the Rational ClearQuest Client:
The work required to hide records is now complete.
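The visibility rule that this setup produces can be modelled and checked offline before customers log in. The following Python sketch is an added example, not IBM code and not the Rational ClearQuest API; the user names, the ViewAll and QA groups, the qa_context field, and the defect IDs are constructed sample data. It shows that membership in any one group listed on a referenced security context record is enough to see a defect, and it reports defects whose security context fields are all empty and records that lack the view-all group.

```python
# Model of the visibility rule described above. All names are constructed sample data.
GROUP_MEMBERS = {                      # group -> users
    "Widgets": {"wanda"}, "Modern": {"mo", "mia"}, "Logic": {"lee"},
    "QA": {"quinn"}, "ViewAll": {"admin"},
}
CONTEXT_GROUPS = {                     # security context record -> groups chosen on its Ratl_Security page
    "Widgets Inc.": {"Widgets", "ViewAll"},
    "Modern Software": {"Modern", "ViewAll"},
    "Logic Equipment": {"Logic"},      # ViewAll left off by mistake
    "QA Team": {"QA", "ViewAll"},      # a Quality_Assurance record
}
DEFECTS = {                            # defect -> security context field values (None = empty)
    "DEF001": {"customer_defects": "Widgets Inc.", "qa_context": None},
    "DEF002": {"customer_defects": "Modern Software", "qa_context": "QA Team"},
    "DEF003": {"customer_defects": "Logic Equipment", "qa_context": None},
    "DEF004": {"customer_defects": None, "qa_context": None},
}

def groups_of(user):
    return {g for g, members in GROUP_MEMBERS.items() if user in members}

def allowed_groups(defect_id):
    """Union of the group lists of every security context record the defect references."""
    allowed = set()
    for ref in DEFECTS[defect_id].values():
        if ref is not None:
            allowed |= CONTEXT_GROUPS[ref]
    return allowed

def visible_defects(user):
    """Membership in at least one allowed group is enough to see the defect.
    Defects with every field empty are left out here and reported by audit()."""
    mine = groups_of(user)
    return sorted(d for d in DEFECTS if mine & allowed_groups(d))

def audit(view_all_group="ViewAll"):
    """Findings: defects with no security context value, records missing the view-all group."""
    findings = [("empty-security-context", d) for d, f in DEFECTS.items()
                if not any(f.values())]
    findings += [("missing-view-all-group", rec) for rec, groups in CONTEXT_GROUPS.items()
                 if view_all_group not in groups]
    return findings
```

How Rational ClearQuest treats a record whose security context field is empty is not covered in this example, so the model only reports such records instead of deciding who can see them.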
A Widgets Inc. customer can now log in to your database and perform the following tasks: