Defining a Domain Security File

After creating your new domain, the next step is to restrict access to some of its information depending on the user's roles.

Business Case

Here are your company employees:

User name   Role
boss        ROLE_your_domain_name_HR_MANAGER
jasper      ROLE_your_domain_name_STORE_MANAGER
repsaj      ROLE_your_domain_name_STORE_MANAGER

Create the users and roles above, and don't forget to assign the roles to the users.


Security Context

A domain security file contains item and resource access grants that specify which access to grant based on certain aspects of a user, such as their roles. There are two types of domain security: row-level security and column-level security. A single domain security file can contain both types.

Security Examples

Row-level security: Jasper and Repsaj are two store managers. Jasper is responsible for the Los Angeles store and Repsaj for the San Diego store. Row-level security shows each user only their own rows, selected by a profile attribute value. In this example, the profile attribute is the store city.

Column-level security: Boss is a human resources manager. Unlike the store managers, Boss has access to the personal data of all employees. Column-level security grants access to specific columns (e.g. hire_date, salary) only to HR managers.

Now let's create the domain security file for this business case.

Create the Security File

Here is the structure of a security file:

<securityDefinition itemGroupDefaultAccess="granted"
                    version="1.0"
                    xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema">
    <resourceAccessGrants>
        <!-- Row-Level Security rules -->
    </resourceAccessGrants>
    <itemGroupAccessGrants>
        <!-- Column-Level Security rules -->
    </itemGroupAccessGrants>
</securityDefinition>
  • A security file is just a simple XML document. You can use any text or XML editor (e.g. Notepad++ or XMLBuddy). Note that XML element and attribute names are case-sensitive.
  • It relies on the schema of your domain. Therefore, when creating the security file, it is useful to have your schema structure visible as a reference.

Row level security

  • Row-level security rules are declared inside the <resourceAccessGrants> element of the security file.
  • Each rule is mapped to a table or join tree of the domain schema.
  • Precisely, the resourceId="JoinTree_1" attribute in the security file must match the id="JoinTree_1" attribute of the corresponding element in the domain schema. See Figure 5.

Figure 5

How to set up Row-Level security

Column level security

  • Column-level security rules are declared inside the <itemGroupAccessGrants> element of the security file.
  • Each rule is mapped to an item group of the domain schema.
  • Precisely, the itemGroupId="employee" attribute in the security file must match the id="employee" attribute of the corresponding item group in the domain schema.

Figure 6
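The complete security file for the business case above, written here as an added example rather than the page's own file. It assumes the domain's join tree is JoinTree_1, the item group holding hire_date and salary is employee, the store city field is store.store_city, and the profile attribute carrying each manager's city is named Cities; the role names are the ones created earlier.

```xml
<securityDefinition itemGroupDefaultAccess="granted"
                    version="1.0"
                    xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema">
    <resourceAccessGrants>
        <!-- Row-level rule: resourceId must match the join tree id in the domain schema -->
        <resourceAccessGrantList id="JoinTree_1_row_grants"
                                 label="Store rows by city"
                                 resourceId="JoinTree_1">
            <resourceAccessGrants>
                <!-- Store managers see only rows whose store city equals
                     the value of their own 'Cities' profile attribute (assumed name) -->
                <resourceAccessGrant id="JoinTree_1_store_manager">
                    <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_your_domain_name_STORE_MANAGER'] }</principalExpression>
                    <filterExpression>testProfileAttribute(store.store_city, 'Cities')</filterExpression>
                </resourceAccessGrant>
                <!-- Assumption to verify on your server: a user matching no grant in this
                     list gets no rows at all, so every role that needs rows needs a grant -->
            </resourceAccessGrants>
        </resourceAccessGrantList>
    </resourceAccessGrants>
    <itemGroupAccessGrants>
        <!-- Column-level rule: itemGroupId must match the item group id in the domain schema.
             defaultAccess="denied" makes the group deny-by-default even though the file-wide
             itemGroupDefaultAccess is "granted"; only the grant below opens it -->
        <itemGroupAccessGrantList id="employee_column_grants"
                                  label="HR-only employee columns"
                                  itemGroupId="employee"
                                  defaultAccess="denied">
            <itemGroupAccessGrants>
                <!-- Only HR managers may see the columns in the employee group (hire_date, salary) -->
                <itemGroupAccessGrant id="employee_hr_manager" access="granted">
                    <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_your_domain_name_HR_MANAGER'] }</principalExpression>
                </itemGroupAccessGrant>
            </itemGroupAccessGrants>
        </itemGroupAccessGrantList>
    </itemGroupAccessGrants>
</securityDefinition>
```

After uploading the file, log in as jasper and as boss and check that jasper sees only Los Angeles rows and no hire_date or salary columns, while boss sees those columns; a rule whose resourceId or itemGroupId does not match the schema id silently protects nothing.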

How to set up Column-Level security
