Menu

Control table visibility through AD security groups

+4 votes

I'm not sure if this would even be possible, but it would be awesome to be able to restrict the visibility of tables to different Active Directory security/user groups. For example;

Main user group - can only view "Products" and "Clients" tables.

Super user group - can view "Products, "Clients", "Staff" and "Payroll" tables.

Accounts user group - can only view "Payroll" and "Staff" tables.

The current option of hiding certain table's relationships is fantastic, as well as the option of assigning a different group for "Admin" level access and "User" level access, but having that level of control over specific tables as well would be great.

in Features (Todo) by (970 points)
Share on
share on gp share on fb share on tw share on li

1 Answer

+4 votes

Thank you for the request.

As designed, the answer would be to create multiple applications to satisfy the different user groups. This would involve some duplicate effort but it does make sense since they are different roles.

The different roles likely need more than just additional table access. They might need different reports, exports, access to differ procedures, etc....

That said, I can definitely see how this would make it easier to implement systems where there are multiple groups each having their own access levels.

NOTE: Please vote on this Feature Request if it interests you.

by (65.1k points)
Hello,
I can see the benefit of both ConnorK's original request and Anthony's suggestion that separate applications are a possible solution. I think that the separate applications are cleaner but will, necessarily, involve more work. A possible way to circumvent some of the additional work would be to allow the export and import of individual table metadata to cut down on the re-keying and re-design.
If you imported this table metadata into a Repository application you've got the beginnings of a data dictionary which you could use as building blocks for other applications.
Best Regards
Colin
by (1.2k points)
Hello,
We will be using SSO (OKTA), with that we pass in our DBFront AD groups that the user belongs to.  These AD Groups are used for general access to the application.  It would be great if these AD Groups could held as a fixed variable like %ADGroups% that could be used in the Row Security queries.  This would allow me to put ('DBFront_PayrollAdmins' in %ADGroups%) in the Can Update section of Row Security.  We manage our AD Groups very closely so I can count on them being correct.

With this suggestion the %ADGroups% would contain a comma separated list of the AD groups that our SSO provider would pass to DBFront.
Cheers!
by (200 points)
Welcome to the dbFront Q&A site, where you can ask questions and receive answers from other members of the community.

Categories

Most popular tags

table-view error lookup-field security action-button table-grid advanced-search form-fields user-interface stored-procedure css reporting customizing installing tables import url export attachments authentication single-sign-on user-help active-directory login search sqlserver database-connection foreign-key license field-preferences custom-visibility email performance pdf-form cascading-lookup themes mysql date-field backup upgrading table-relationships quick-search drop-down-list logo refresh excel printing notifications primary-key iis azure database webrequest costed sidebar-help user-profile multi-select main-menu attachment-properties iframe numeric-field table-preferences access-control record-locks timeout sorting multilingual header connector audit support csv oracle display hosting connection link help html-fields whitelisting child-tables session-key-failure wildcard-search font-size caching save-button row-security default-value barcode network-file local-file integrations logout custom-sorting validation custom-caption debugging ldap xml checkbox
 | Minimalist Answer Theme by Digitizor Media
 |
Powered by Question2Answer
...