Quick Tip: Updating Dexterity customizations to work with Security Tasks and Security Roles

David Meego - Click for blog homepageAnother Quick Tip for Dexterity developers. This one discusses what changes need to be made to an integrating Dexterity application when upgrading from pre version 10.0 code to version 10.0 or GP 2010 to handle the changes in the security model.

When version 10.0 was released it changed the security model from the old user and class based optimistic model (where access was granted by default and you had to deny access) to the role and task based pessimistic model (where access is denied by default and you have to grant access).

There are a few requirements that a Dexterity developer needs to consider when working with this security model change:

  • Hidden forms (forms without windows, or with windows that don't open) used for coding purposes (including command forms) are no longer able to open unless they are either excluded from security or added to the security model and access granted.

    I would recommend excluding them from security using either a display name of ~internal~ on the main window or using a trigger on ExcludedFromSecurity() of form sySecurityTaskEntry function.

    You would be surprised how many cases I have taken where newly upgraded systems get security privilege errors on login caused by customizations trying to open hidden forms. Please see the post: How to resolve Security errors on Login.
     

  • For all non-hidden form and report resources, create Security Tasks and Security Roles in the security tables.

    The original developer is the best person to understand the tasks the product does and what tasks are needed for each role. So create these default Security Tasks and Security Roles for the security administrator to leverage to grant access to the customization.

These topics are covered in detail with example code in the Integration Guide (IG.PDF) manual installed with Dexterity, please look at Part 8: Application Services, Chapter 36: Security (Thanks to Steve Kubis).

I know that v10.0 and GP 2010 were released quite a while ago, but I am still seeing these issues occurring.

Hope this is helpful.

David

27-Oct-2011: Added link to How to resolve Security errors on Login post.