Security Settings

 

 

Administrator Login (Hard-Coded) - Administrator user id and password
  Login Name - Login Name for administrator
  Password - Password for administrator
Use Existing Table - Link to existing table for login name and password validation
  Table - Existing table in database containing login name and password information
  Login Name Field - Login Name field in table used for authentication
  Password Field - Password field in table used for authentication

 

Advanced Security

The Advanced Security feature allows you to set up User ID, assign User Levels to users and create a complete user registration system. To set up, click the [Advanced] button.

DB AppMaker supports two types of security: User ID and User Level. User ID Security secures data at record level. User Level Security secures data at table level. They complement each other and can work independently or together. Users get their User ID and User Level after login. Before login, a user's identity is unknown and the user is an Anonymous User.

 

User ID
User ID Security secures data at record level. Protected tables must have a User ID field identifying which user a record belongs to. The User ID field names can differ between tables, though. When User ID security is enabled, users can only access their own data.

Steps to set up User ID security for different tables/views:

  1. Click on User ID in the left pane.
  2. Select the User ID field from your user table. This field is usually the primary key of the User Table. (Note: if this field is not set, the feature is disabled.)
  3. (Optional) Select the Parent User ID field from your user table. The Parent User ID field stores the User ID of the parent user that the user belongs to; a parent user can modify the child user's records. Parent User ID is hierarchical: parent users can also access the records owned by the child users of their child users. (Note: if this field is not set, the Parent User feature is disabled.)
  4. In the [User ID Field] column, select the User ID Field for the tables/views that require User ID security.
  5. (Optional) Enable [Allow View All] if you allow all logged in users (not including Anonymous User) to list/search/view (but not add/copy/edit/delete) all records in the table.
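
The record-level rules in the steps above (own records, hierarchical Parent User ID, and Allow View All) can be modelled as follows. This is an added example, not code generated by DB AppMaker; the function names and the sample parent map are assumptions made for illustration, and treating the Anonymous User as having no record access under User ID security is an assumption of this model.

```python
READ_ACTIONS = {"list", "search", "view"}  # what Allow View All covers


def accessible_user_ids(user_id, parent_of):
    """User IDs whose records user_id may access: own plus all descendants.

    parent_of maps each User ID to its Parent User ID (None if no parent).
    """
    children = {}
    for uid, parent in parent_of.items():
        if parent is not None:
            children.setdefault(parent, []).append(uid)
    seen, stack = {user_id}, [user_id]
    while stack:  # iterative walk; 'seen' also stops a cyclic parent chain
        for child in children.get(stack.pop(), []):
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def may_access(user_id, action, record_owner, parent_of, allow_view_all=False):
    """Decide one request against a table protected by User ID security."""
    if user_id is None:  # Anonymous User (assumption: no record access here)
        return False
    if allow_view_all and action in READ_ACTIONS:
        return True  # read-only access to all records for logged in users
    return record_owner in accessible_user_ids(user_id, parent_of)


# Constructed sample user table: User ID -> Parent User ID.
# 1 is the parent of 2, 2 is the parent of 3; 5 and 6 point at each other
# to show that a misconfigured cycle does not hang the walk.
SAMPLE_PARENTS = {1: None, 2: 1, 3: 2, 4: None, 5: 6, 6: 5}
```

With the sample map, user 1 can edit records owned by 3, user 3 cannot edit records owned by 2, and user 4 can view but not edit user 3's records when Allow View All is enabled.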

 

User Level
User Level Security secures data at table level. Each user level is granted specific permissions to tables in the database.

There are 2 types of User Level security:

1. Static User Levels - the User Levels and the permissions are defined in this form and the User Levels cannot be changed with generated scripts.

Steps to set up static User Level security for different tables/views:

  1. Click on User Levels in the left pane.
  2. Select an integer field in your user table as the [User Level field]. (Note: if this field is not set, the feature is disabled.)
  3. Define your user levels: click the icon to add a user level and the icon to delete a user level.

2. Dynamic User Levels - the User Levels and the permissions are defined in 2 tables in the database, the User Levels can be changed with the generated scripts.

Steps to set up dynamic User Level security for different tables/views:

  1. Click on User Levels in the left pane.
  2. Select an integer field in your user table as the User Level field. (Note: if this field is not set, the feature is disabled.)
  3. Switch to the Dynamic User Levels tab and check Enable Dynamic User Levels.
  4. Select your User Level Table and User Level Permission Table and the required fields.

The User Level Table and User Level Permission Table must have the following fields. Note the data types: the User Level ID and the Permission fields must be of integer type. The field names can be different, though:

If you want DB AppMaker to create these 2 tables in your database, click the Create tables button. The following form will display for you to change the table/field names if necessary. You can change the table/field names and then click OK to continue.

If you have projects created by previous versions of DB AppMaker, you may want to use Dynamic User Levels and migrate the previously defined static User Levels in the project to the database. After selecting or creating the User Level and User Level Permission tables/fields, just click the Migrate button to let DB AppMaker do that for you.

After setting the user levels, DB AppMaker will populate the user levels to the User Level field's Edit Tag (also see Field Setup) so administrators can assign user levels using the generated pages.

There are three built-in user levels:

Anonymous - Anonymous user level is a built-in user level for the Anonymous User (i.e. users that have not logged in). The User Level ID of Anonymous is -2.

Administrator - Administrator user level is a built-in user level that has all permissions plus the privileges to modify User IDs and User Levels. Its permissions are the same as those of the hard-coded Administrator. The User Level ID of Administrator is -1.

Default - Default user level is a built-in user level with user level = 0. Since the User Level field is an integer field, if you set a default value of 0 for this field, this user level will become the default user level for the user after registration and before the Administrator assigns another higher user level.

Note: Even if you enable all permissions for a user-defined User Level, the User Level will NOT become the same as the Administrator User Level.

Lookup Permission

If a table is enabled for Lookup permission for a certain user level, the user can use the table for lookup even if the user does not have any other access permission on that table.

  • Static User Level Permission: just check/uncheck the Lookup permission for the User Levels in the static User Level Permission form.
  • Dynamic User Level Permission: log in as administrator (with admin user level permissions) and modify the Lookup permission in the user level permission page.
  • Security enabled but with no User Level Security enabled: you can still set the permission for anonymous access by checking/unchecking the permission for the Anonymous User Levels in the static User Level Permission form.

 

User Login Options
User Login Options allows you to create a complete user registration system for your website, with options to let users register, change password and recover password.

Password
Hashed password - Use hashed password. If the advanced setting Use password hash is enabled, password_hash will be used to create the password hash; otherwise md5 will be used.

Notes
  1. If you enable this setting, make sure that the passwords in your user table are stored as the corresponding hash of the clear text password. If you also use case-insensitive passwords, convert the clear text passwords to lower case before calculating the hash. Otherwise, existing users will not be able to log in. The hash is irreversible, so the password will be reset during password recovery.
  2. DB AppMaker will try to detect salted passwords created by other applications. (DB AppMaker itself does NOT create salted passwords.) If salted, the password must be stored in '<hashedstring>:<salt>' format, and the hashed string must be the md5 hash of the concatenated string of the clear text password and the salt. Other salt algorithms are not supported.
  3. If you enable the advanced setting Use password hash, the password field in the user table should be able to store more than 60 characters (255 characters would be a good choice).
Case-sensitive password - Use case-sensitive password
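
Before switching between md5 and password_hash, it helps to know which format each row of the user table is actually in. The script below is an added example, not part of DB AppMaker: it classifies stored values into the formats described in the notes above and checks a password against the two md5 forms, including the lower-casing rule for case-insensitive passwords. The function names and sample rows are assumptions; the prefixes are those that PHP's password_hash produces for bcrypt and Argon2.

```python
import hashlib
import hmac
import re

MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")
# Prefixes produced by PHP password_hash (bcrypt and Argon2).
MODERN_PREFIXES = ("$2y$", "$argon2i$", "$argon2id$")

def classify(stored):
    """Name the storage format of one password-field value."""
    if stored.startswith(MODERN_PREFIXES):
        return "password_hash"
    digest, sep, salt = stored.partition(":")
    if sep and salt and MD5_HEX.fullmatch(digest):
        return "md5_salted"  # '<hashedstring>:<salt>' from another application
    if MD5_HEX.fullmatch(stored):
        return "md5"
    return "unknown"  # clear text or an unsupported scheme

def verify_legacy(password, stored, case_sensitive=True):
    """Check a clear-text password against an md5 or md5:salt value."""
    if not case_sensitive:
        password = password.lower()  # lower-case first, as the notes require
    if classify(stored) not in ("md5", "md5_salted"):
        return False
    digest, _, salt = stored.partition(":")  # salt is "" for plain md5
    computed = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return hmac.compare_digest(computed, digest.lower())

def audit(rows):
    """Group login names by the format their password is stored in."""
    report = {}
    for login, stored in rows:
        report.setdefault(classify(stored), []).append(login)
    return report

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

# Constructed sample user table (login name, stored password value).
SAMPLE_ROWS = [
    ("alice", md5_hex("s3cret")),                    # unsalted md5
    ("bob", md5_hex("hunter2" + "x9Qz") + ":x9Qz"),  # md5(password + salt):salt
    ("carol", "$2y$10$" + "A" * 53),                 # placeholder, bcrypt shape
    ("dave", "letmein"),                             # clear text left in table
]
```

Rows reported as md5, md5_salted or unknown are the ones to review before enabling Use password hash.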
User Sign Up Page
Enabled - Enable user sign up page in the menu and login page.
Fields - Fields to be included in the sign up page. Click the [...] button to select fields. The password field is mandatory.

Note: If you also use User Level Security, you should not include the User Level field, because a new user is not supposed to choose his/her own User Level. If the User Level field is not included, the default User Level for a new user will be 0 (Anonymous). You can assign a suitable User Level to the user later as an administrator. Alternatively, you can also set a default value for the User Level field in your database or in DB AppMaker. Then the new user will get the default User Level immediately after registration.

 

Also See

Tutorial - User ID Security
Tutorial - Static User Level Security
Tutorial - Dynamic User Level Security
Tutorial - User Sign Up
Multi-Language Project

 

 ©2020 e.World Technology Ltd. All rights reserved.