Application Resources

The Application Resources (SCRSRC) page defines the resources (for example, tabs, transactions, tables, inquiries, widgets, jobs, and so forth) that can be secured in CGI Advantage. All items in the system that your site is using must be defined as application resources; otherwise, no user will be able to access these items. As part of the definition of an application resource, a resource group is required.

Field Information

Field

Description

Resource ID

The Resource ID is the Transaction Code for transactions (for example, GAX), the data object name for tables (for example, R_COMM_CD), the query object name for inquiries (for example, ALOT_STRU_1_1_QRY), the tab name for tabs (for example, HR_EmployeeProfileManagement.afER.RATINGS), or the application and page name for pages (for example, Transaction_Controls.pR_GEN_DOC_CTRL_Generic).

The Resource ID is constructed differently depending on the type of resource.

Short Description

This field provides a short description of the selected Application Resource.

Description

This field provides a detailed description of the selected Application Resource.

Resource Type

This field matches the Application Resource. Valid values are Tab, Transaction, Job, Page, Query, Service, Reference Table, or Widget.

Resource Group ID

This field associates the resource with its Resource Group.

Organization Security Type

This setting determines which of the organizational field values (for example, Department, Unit, Branch, and Cabinet) from a resource should be compared to the user’s Home and Foreign Organization field values to verify whether or not that user has access to the resource. The available values are described below:

  • Identifying: The values in Department and Unit. Security uses the values from these two fields to perform a look-up against the Unit (UNIT) page to fetch the full set of organization field values. With these values, it then verifies that the user is authorized for this organization by comparing these values against those in the user’s Home and Foreign Organization definition.

  • All: Any of the Organizational elements present on the resource. For example, if only Branch and Cabinet fields were on the resource, then security would get the values from these fields and compare them to the corresponding fields in the user’s Home and Foreign Organization definitions to authorize the user.

  • Both: If the values in Department and Unit are present, then access is handled like Identifying. If either Department or Unit is not present or neither is present, then access is handled like All.

  • Note: Transaction must be set to Both because at the time security is being set up, it is not always known whether a Unit code will be required on the transaction or not. Also, transactions may conditionally use Indirect in addition to Both. This additional Indirect organizational authorization is enabled through the transaction business logic (see the CGI Advantage Developer Guide for more details).

  • None: No organizational related security check is performed.

  • Indirect: The organizational values from related records. If no organizational elements exist on the resource but they do exist on logical child records, then security checks organizational authority against those child records. If any child is authorized based on its Organizational Security Type, then the logical parent record is authorized. When using Indirect, Organizational Security on the logical parent record is internally treated as None.
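
The five Organization Security Type values above, modeled as a small decision function. This is an added example, not CGI Advantage code: the record shape, `UNIT_PAGE`, `USER_ORGS`, the exact-match comparison, and the deny results for an unknown unit or an Indirect parent without children are assumptions.

```python
# Added illustration, not CGI Advantage code. Data shapes are assumptions.
ORG_FIELDS = ("Cabinet", "Branch", "Department", "Unit")

# Constructed stand-in for the Unit (UNIT) page: (Department, Unit) -> full org.
UNIT_PAGE = {("D10", "U1"): {"Cabinet": "C1", "Branch": "B1",
                             "Department": "D10", "Unit": "U1"}}

# Constructed user: one Home and one Foreign Organization definition.
USER_ORGS = [
    {"Cabinet": "C1", "Branch": "B1", "Department": "D10", "Unit": "U1"},
    {"Cabinet": "C2", "Branch": "B7"},
]

def _matches(values, user_orgs):
    """Assumption: a definition authorizes only if it holds an equal value
    for every compared field; an empty comparison set matches."""
    return any(all(org.get(f) == v for f, v in values.items())
               for org in user_orgs)

def authorize(record, mode, user_orgs, children=()):
    """record: org field values on the resource row.
    children: (child_record, child_mode) pairs, consulted only for Indirect."""
    present = {f: record[f] for f in ORG_FIELDS if record.get(f)}
    if mode == "None":
        return True  # no organizational check
    if mode == "Indirect":
        # Parent is treated as None; one authorized child is enough.
        # With no children this model denies (assumption).
        return any(authorize(c, m, user_orgs) for c, m in children)
    if mode == "Both":
        # Department and Unit both present -> Identifying, otherwise All.
        mode = "Identifying" if {"Department", "Unit"} <= present.keys() else "All"
    if mode == "Identifying":
        # Expand Department + Unit to the full organization, then compare.
        full = UNIT_PAGE.get((present.get("Department"), present.get("Unit")))
        # An unknown Department/Unit pair denies (assumption).
        return full is not None and _matches(full, user_orgs)
    if mode == "All":
        return _matches(present, user_orgs)
    raise ValueError(f"unknown Organization Security Type: {mode}")
```
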

Logging

Selecting this check box will log all security activity (for example, successful and unsuccessful access attempts) against this resource.

Page Security

Selecting this check box activates Page-level and Tab-Level security. Page resources are initially enabled with Page Security. If this check box is not checked, a page resource cannot be secured.

There is an exception to the above rule with regard to transaction pages. A transaction has two associated resources, a transaction resource and a page resource. The only time the page resource for a transaction needs to be secured is when UI Field Security, also known as “field masking”, is required for the transaction. In all other cases of transaction security, it is enough to configure security using the transaction resource.

Tab-level security provides the ability to secure individual tabs residing as part of other pages. For example, tab-level security can be used for an activity folder when a user should be restricted to viewing only specific tabs. In order for a user to be restricted from accessing a tab, a record for that resource item with the resource type of Tab must be created on Application Resources. If no record for that tab exists, any user will have access to the tab. By default, all tab resources are already added as Application Resources with Page Security enabled. The default resource group for existing tab resources is the AF_TAB resource group. By default, this resource group is assigned to the ANY security role with full access. If a scenario is identified where one or more of the tab resources needs to be restricted, the administrator would re-assign the tab resource from the AF_TAB resource group to another resource group. In order to secure an entire activity folder, one only has to secure the page resource for the activity folder. Only if access to the page has already been granted may there be a need to restrict access to the tab resources representing sections within the activity folder page.

Row Filtering

Selecting this check box ensures that if any of the organizational or other secured fields in the row is not authorized for a user, the user is not allowed to view the record.

Warning: Using the Row Filtering function may impact the performance of CGI Advantage because implementing it is processing-intensive. Specifically, when a user accesses a page displaying a resource for which row filtering has been enabled, CGI Advantage performs the following checks for each row to be displayed:

  • Organizational Security Type Check – Do the user’s Home and Foreign Organization field values meet the requirements for this security check?

  • Field Security Check – Does this resource have secured field(s) associated with it? If so, has field security for this Resource Group been activated (that is, has the Data Field Security Indicator check box been selected on the Access Control page) and do the field values meet the requirements for this security check?

Based on these checks, CGI Advantage either displays the row to the user or filters it out so that the user does not see it.

Row Secured Fields

This is a display-only field that indicates how many fields on the current resource have been secured.

UI Field Security

Selecting this check box triggers the activation of UI Field Security. Refer to the "User Interface Field Security" topic for more information.

UI Secured Fields

This is a display-only field that indicates how many fields are set up for UI Field Security.
