Security Transform

If you choose the Security type in a transform process, you can specify which users and groups will be able to access data from the selected columns, the selected rows where the boolean column value is true, the rows where the field value matches user credential, or the entire table.

The following table shows an example of the input, which will be used in the following types: Column, Row, Row Credentials and Table.

Table 7.2. Shared input of Security Transform

DepartmentEmployeeSalary
managementABC12000
salesDEF11000
salesGHI8000
marketingJK9000
marketingLM10500

Note

Users and groups should be created according to employee names and department names.

Column

This type enables you to choose which users and groups will be allowed to access the values in the column. For example, if you want to enable the management staff to view salaries, create a Security Transform and click Next. The Secure a table window opens. Select the Column type, the Salary column and the management group.

Users of the management group are able to view the Salary column. The output is the same with Table 7.2, “Shared input of Security Transform”.

Users of the sales, marketing and other groups cannot view the Salary column. The following table shows the output:

DepartmentEmployeeSalary
managementABC 
salesDEF 
salesGHI 
marketingJK 
marketingLM 

Row

This type usually works with booleans, which you can build with any logic. Only authorized users and groups will be allowed to access the rows where the boolean column value is true. If you want to enable the sales staff to view salaries of only their own department, use Compare Transform first to create a new boolean column "CanSee". Select the Department field and the Equal operation. Type CanSee as the New Field and type sales as the Value.

In the Secure table window, select the Row type, the CanSee boolean column, and the sales group.

Users of the sales group can view the salaries of only their department. The following table shows the output of Table 7.2, “Shared input of Security Transform”:

DepartmentEmployeeSalary
salesDEF11000
salesGHI8000

Users of the other groups cannot view any contents, unless you have made further settings.

Row Credentials

This type compares the selected field values with user credentials. Only users and groups with a credential matching the field value will be able to access the row. If the field value is *, it matches any credential, and any user can access the row. If the field value is a blank string, it does not match any credential, and no one can access the row.

Users and groups will not be distinguished in the credential list. There may be both a user and a group with the same name, for example, "sales". Users with other names can also have the "sales" credential if they are a member of the sales group. Each field value can contain at most one credential. If the value is "Elixir Sales", then it does not match any credential.

If you want to enable the employees to view salaries of only their own department, create a Security Transform and open the Secure a table window. Select the Row Credentials type and the Department column. Click Finish.

Each employee will be able to view salaries of their own department. For example, employees of the marketing department will see the following output of Table 7.2, “Shared input of Security Transform”:

DepartmentEmployeeSalary
marketingJK9000
marketingLM10500

Table

This type enables you to specify which users and groups will be able to access the records in the entire table.

If you want to enable the management group to access the table, create a Security Transform and open the Secure a table window. Select the Table type and select the management group.

Users in the management group will see all the records in the table, as shown in Table 7.2, “Shared input of Security Transform”.

Users in other groups cannot see any contents, unless you have made further settings.