Loading...
 

CX_SECURITY - Abstract base class for access rights

CX_SECURITY

Class hierarchy
Description:

Base class for all security policies.
The CX_SECURITY object currently active in the system can be queried via CX_SYSTEM_OBJECT։։GetRegisteredSecurity.

semantic change:

As of Dll version 225901, the semantics of the Securtiy evaluation have been revised. The changes are summarised in the following table. The old semantics can be activated transitionally via the environment variable CX_SECURITY_OLD_MODE=1.

Before Dll version 225901
Or CX_SECURITY_OLD_MODE=1
From Dll version 225901
An empty CX_SECURTIY_SET or a set consisting only of empty sets is only treated as if no security were registered when evaluating class/object accesses. (=all allowed)
This rule does not apply to message access , but the default here is also everything is allowed.
The following applies to access to system functions:
  • ClassiX shell allowed
  • ApplyUserRights forbidden
An empty CX_SECURTIY_SET or a set consisting only of empty sets is always treated as if no security were registered (= everything allowed).
The default for message access (if no security object is responsible) is that the message is allowed.The default for message access (if no security object is responsible) is that the message is blocked.
The default for the system functions (if no security object is responsible) is:
  • ClassiX shell allowed
  • ApplyUserRights prohibited

The default for the system functions (if no security object is responsible) is:

All options forbidden.

If there are several responsible security objects in a CX_SECURITY_SET , the following applies:

In the case of several responsible security objects in a CX_SECURITY_SET , the last one always applies.

If there are several responsible security objects in specializations in CX_CLASS_SECURITY/CX_OBJECT_SECURITY, the first one applies.In the case of multiple responsible security objects in specialisations in CX_CLASS_SECURITY/CX_OBJECT_SECURITY, the last one shall apply.
In case of multiple responsible attributes in accessExpressions in CX_CLASS_SECURITY/CX_OBJECT_SECURITY, the first one shall apply.In case of multiple responsible attributes in accessExpressions in CX_CLASS_SECURITY/CX_OBJECT_SECURITY, the last one shall apply.

Code example:
...
Method Directory (MDI)
FunctionMA*ParameterReturnShort description
Register --Registers the security object in the system
TestClass
225901
INTEGERCX_BIT_PATTERNReturns the class access for a specific class.
TestMessage
225661
INTEGERTRUE/FALSETest whether message is allowed or blocked.
TestObject
225901
OBJECT, STRINGCX_BIT_PATTERNReturns the object access for a specific object (+ path).
TestOption
225735
INTEGERTRUE/FALSETest whether option is allowed or blocked.

* MA = Member Access Function

Use in AppsWH

Module Brief description