1. Security Administration Guide
  2. Inclusive Row Security

Inclusive Row Security

This table shows the records that you define using the Row application in Security Workbench when you use inclusive row security to secure your system:

User

Table

Data Item

From Value

Thru Value

Add

Change

Delete

View

Alias

MG5700778

F0101

CostCenter

1

20

N

Y

N

Y

MCU

MG5700778

F0101

CostCenter

51

70

N

N

N

Y

MCU

This example shows the Select operation that the system performs against the F0101 table:

SELECT * FROM TESTDTA.F0101 WHERE ( ( ABMCU BETWEEN ' 1' AND ' 20' OR 
ABMCU BETWEEN ' 51' AND ' 70' ) ) ORDER BY ABAN8 ASC

This example shows the Update operation that the system performs against the F01010 table:

UPDATE TESTDTA.F0101 SET ABALKY=' ',ABTAX='546',ABALPH='John 
Doe',ABDC='JOHNDOE',ABMCU=' 60',ABSIC='
',ABUSER='MG5700778',ABPID='EP01012',ABUPMJ=101214,ABJOBN='DEN123456',
ABUPMT=154030.000000 WHERE ( ABAN8 = 6864221.000000 ) AND ( ABMCU 
BETWEEN ' 1' AND ' 20' )
Important:

The presence of a single record or a set of security records in the Security Workbench table (F00950) with all N values for one or more operations for a table and data dictionary combination will disallow that user from performing that particular operation on the table.

Note:

Row Security is applied for range of values that have Y in the Add/Change/Delete/View action

As illustrated in the examples, when you define data access security using exclusive row security, you identify a range of values that are to be secured from the user. When you define data access security using inclusive row security, you identify a range of values that the user can access. Depending on your security setup, inclusive row security can increase performance over exclusive row security. The reason for the performance increase is due to the select and update statements that the middleware generates. Performance can be improved if the use of inclusive row security results in a small range of valid values in the row security application rather than specifying a large range of secured values in the row security application to use exclusive row security.