You can establish security profiles for each JustWare user group. These profiles define which sessions, views, snap-ins, and even fields that users can view, insert, update, and delete.
Security Profiles allow you to grant different levels of data access to different user groups.
These detailed security profiles allow you to keep your JustWare data secure and accessible. Security profiles, specified in the Security Profiles code table, are quite different than SQL Server security roles.
- SQL Server Security Roles: Specify permissions at the database level, on the SQL Server. These roles detail permissions related to all database objects like tables, views, fields, and stored procedures.
- JustWare Security Profiles: Specify permissions at the application level, on the Web server or Smart Client.
JustWare is installed with default SQL Server security roles: JW_ViewOnly, JW_JusticeBroker_Queue, JW_General_User, JW_Power_User, JW_Admin_User, and JW_Super_User. All JustWare users need to be manually added to one of these default security roles. The database permissions of these roles are mirrored in JustWare security profiles of the same name. Because the permissions of these SQL Server roles are not maintained in the JustWare application, you cannot override their restrictions by modifying the parallel JustWare security profile, nor can you override security restrictions placed on a particular user based on the SQL Server security role of which they are a member by adding them to a different security profile in JustWare.
You can, however, add further restrictions to a security profile, create new security profiles, and add JustWare users to or remove them from security profiles in the Security Profiles code table. JustWare security profiles are useful to fine-tune SQL Server security roles because more specific permissions are available.
For example, if a user is a member of the JW_Power_User role, they can view, add, modify, or delete any JustWare record. You can place further restrictions in the Security Profiles code table by indicating members of this profile cannot view the Conditions snap-in or cannot delete records from the Notes snap-in. Although the database allows users of this role to view or delete all records, the JustWare application does not allow the actions denied in the Security Profiles code table.
This example, however, does not work in reverse. Users who are members of the JW_ViewOnly role will never be able to add, modify, or delete records, no matter what permissions are specified in the Security Profiles code table.
Default Database Roles for more information on JustWare's default security roles.
Note: Snap-ins using the Pivot Lookup JWXML Attribute have the following differences:
- View : Only displays rows that are currently selected.
- Insert : The user can select check boxes, even after saving. The user cannot un-select the Selected check box after save.
- Update : The user can update fields but cannot change the Selected status.
- Delete : The user can un-select the Select check box.