Presentation Objects

The Presentation Object Concept was introduced to increase security and simplify the tasks of setting up and maintaining the authorization system at installations. The grouping is made on the visual entities that make up the user interface of the IFS Applications, so called Presentation Objects. The presentation objects maintain information about grantable objects such as views and functions that are needed for operating the Presentation Object in the application. The concept also includes the tools needed for handling identification of the Presentation Objects and their contents, tools for handling the roles to assign for users and the runtime support functionality.

Presentation Object Security is used in two different ways by IFS Applications:

• Used as container for all database objects used by the Presentation Object. When granting the Presentation Object to a Permission Set all the Database Objects is granted to the Permission Set. Presentation Objects helps the Administrator know which Database Objects is needed by a Presentation Object.
• It is also used in clients to determine whether to show or not to show a specific Presentation Object in a specific client, for instance in IFS Windows Client navigator.

The difference in authorization between Presentation Objects and Database Object Security is that Presentation Object Security is performed by the client, but Database Object Security is performed by the server. Database Object Security is always performed in the server.

Contents

• Types of Presentation Objects
• Links
• Benefits and Drawbacks
• Overall Design
• Interaction Access Rights/Presentation Object Security
• Presentation Object Repository

Types of Presentation Objects

Presentation Objects are the visual entities that the user refer to, such as forms, web pages and also reports. The objects themselves in the framework consists of the name, title, the enable flag and a list of associated database objects (being views and methods), and also a list of dependant presentation objects.

The following visual entities exists as Presentation Objects:

• Windows Forms
  This is normal forms in IFS Windows clients.
• Web pages
  This is web pages in IFS Web client.
• Portlets
  This is portlets in IFS Portal framework
• Reports
  This is reports created with Foundation1
• Quick reports
  This is Quick reports created with Foundation1
• Others
  Tasks that can be scheduled as Scheduled Tasks
  Some internal structures that can be granted as Presentation object

In essence, Presentation Object Security is superior to Database Object Security for administration because

• Security grants are a grouped to the user interfaces end-users are using, which makes it much easier to find which privileges to grant or revoke.
• Presentation Objects only include features actually used by clients. Using Presentation Objects, it is impossible to accidentally grant server methods which are not intended for use by clients.
• It is possible to disable certain User Interfaces. This is helpful since it helps users getting rid of GUIs they are not supposed to see.

In some environments, disabling User Interfaces may be considered as a "client security" strategy. This has some merits if the only interface is IFS Web Client, or if a IFS Windows Client with just a few forms are available through Citrix or Windows Terminal Services. Note that all client security strategies are dangerous, only true server managed security such as grants to views and methods are considered reliable.

Links

Read about how to

• Administrate Security
• Manage Presentation Objects

Interaction Access Rights/Presentation Object Security

The Presentation Object Security is an extension of the existing security framework. It is still relying upon the strong framework of Access Rights settings for the low-level database objects. Grants and revokes upon such objects will always affect what objects a user can access. The Presentation Object Security is in its main parts only a different way of administrating these settings. The intention is to lift the administration one level so that the grants and revokes of low level database objects is performed automatically when the administrator is granting or revoking the higher level Presentation Objects. Settings done using the Presentation Object Security administration is at all times reflected in the Access Rights settings.