Several suggested setup strategies are as follows:
Page security is recommended over table security. One of the fundamental concepts of the security model is to focus access restrictions for users to Transaction and Page resources as opposed to configure access restrictions to the various inquiry tables updated and reference pages read during transaction processing. The reason is that if a user should be denied access to open a Transaction, Reference, or Inquiry Page, the CGI Advantage application should produce an error message that the user is unauthorized to open the particular page.
Transaction and Page resources are assigned to its own resource group where the resource group has the same ID as the Transaction or Page code. This ensures that the Transaction/Page can be independently secured and easily identified on Access Control.
Application Resources of different resource types should never be assigned to the same resource group. This approach makes Access Control configuration more intuitive. The large number of check boxes on Access Control is easier to configure if the administrator is allowed to focus on only one application resource type at a time. If all resource groups only contain resources for one particular resource type, it is easier to identify which check boxes that needs to be enabled or disabled on Access Control for that particular resource type.
Access grants to a Transaction or Page should be configured by granting access to the Resource Group that contains the Transaction or Page instead of using the Reference or Inquiry page resources indirectly used by the Transaction or Page. Reference and Inquiry resources are usually used by multiple Transactions and/or Pages and restricting access to any one Reference page or Inquiry resource may unintentionally negatively affect related Transactions and/or Pages. Using independent Transaction and Page resource groups only affects that requested Transaction or Page resource.
Reference and Inquiry table resources should only be used in security configurations when the requested security behavior cannot be achieved using the Transaction or Page resource group, e.g. when records needs to be hidden from the view (Row Filtering) or when entered data needs to be validated when saving records on a Page (Data Validation).
Resources of type Job and Tab have limited use and as such are used to compliment the other resource types.
Job resources are by default granted to all users by granting update access to the ANY role to the INT_JOB resource group.
Tab resources are by default granted to all users by granting update access to the ANY role to the AF_TAB resource group.
Page resources used to enable UI Field security for Transaction resources are assigned to the DOC_PAGE resource group and initially granted to all users by granting update access to the ANY role to the DOC_PAGE resource group. These page resources only need to be used if UI Field security is required for a Transaction.