What is Visual Guard?
Visual Guard is a tool designed for managing user profiles and permissions in PowerBuilder applications. With Visual Guard, you determine what each user can do, see and modify.Administrative tools simplify the daily management of users and their permissions.No need to change the application code: Visual guard dynamically changes the application’s behavior according to the user profile.Visual Guard supports PowerBuilder up to version 11, as well as PowerBuilder code migrated to .NET applications (Winforms and ASP.NET Webforms).
Authentication in RBAC consists of verifying the identity of the user through a two step process:
• Identification: Stating who you are;
• Authentication: Proving who you are.
Two types of needs:
• You may need to create a list of user accounts/passwords from scratch.
• You may already have Windows accounts stored in Active Directory and need to re-use it at application level.
The solution:
Visual Guard PowerBuilder supports login/passwords authentication.
A user account declared in Visual Guard is available for all your PowerBuilder applications.
It supports the following authentication modes:
• Visual Guard Accounts (created and managed by Visual Guard)
• Windows Accounts (local account or Active Directory account) (coming soon)
- Windows accounts/Active Directory
If you use the Windows authentication mechanism, passwords are created, stored and administered in Active Directory. You will be able to re use Windows authentication mechanism to identify users of your applications, and then assign Visual Guard profiles and permissions to this user.
- Single sign-on
If you use Active Directory to manage user accounts you may want to implement a single sign-on process: once a user is logged on in a Windows session, any application opens without asking for further credentials.
Visual Guard supports Single Sign-On configurations for Windows accounts.
- Visual Guard PowerBuilder Accounts
Visual Guard PowerBuilder has its own membership provider to manage user accounts and passwords.
Credentials are stored in the Visual Guard repository.
What type of permission can Visual Guard manage?
How Visual Guard PowerBuilder does defines permissions?
Permissions define what a user can do in an application:
Basically, you define what the user is allowed to see, do and modify in your applications based on his profile.
Specific words are used to define permissions: authorization, Rights, Restrictions, Privileges…
There are two ways of defining permissions:
The most secure way is to forbid everything by default, and then grant permissions to allow possibilities.
This way, if you forget to define a permission, the user won’t be able to do something he should, rather than accidentally do something he shouldn’t.
The faster way is to allow everything by default, and then you assign restrictions to forbid some actions.
This way is faster because typically there are fewer restrictions than permissions.
But as a result you usually end up with a role based access solution that is complex, costly to maintain and difficult to update.
The need:
By default, an application includes code that defines the permissions to run it. But this means that each time you define a permission, you need to go through the entire development process again (specification, coding, testing, deployment, etc).
This is a sharp issue because:
Applications typically are updated only every 2 or 3 months, whereas permissions can require much more frequent updates.
Bridging the gap between the functional requirements and permission’s technical implications can be very time consuming.
Complex permissions are often identified only when the application is in production, requiring an immediate fix.
The solution: Modify dynamically your applications
With Visual Guard PowerBuilder, you do not write code in the application to define permissions. Your code is dynamically modified in runtime.
You can create or modify permissions without going through the entire development cycle of coding, testing, deploying, waiting for feedback…
You can define permissions any time, even when the application is in production. They are effective immediately.
What types of permission can Visual Guard manage?
There is no limitation on what permission you can implement with Visual Guard. Any change you want to make in your PowerBuilder application and any restriction are possible.
For instance, you can:
Hide or disable fields, menu options, tabs, controls…
Switch a Window into “read only”
Filter data in a list
Modify business rules…
How Visual Guard PowerBuilder does defines permissions
Visual Guard can list all the objects and their properties. The developer uses the Developer Workshop to identify the object related to the permission and assign a new value to one of its properties (like “visible” = “false” if you want to hide a control). This permission definition is then stored in the Visual Guard repository. The application code remains unchanged. Visual Guard modifies the application at runtime according to this permission.
Visual Guard is a tool designed for managing user profiles and permissions in PowerBuilder applications. With Visual Guard, you determine what each user can do, see and modify.Administrative tools simplify the daily management of users and their permissions.No need to change the application code: Visual guard dynamically changes the application’s behavior according to the user profile.Visual Guard supports PowerBuilder up to version 11, as well as PowerBuilder code migrated to .NET applications (Winforms and ASP.NET Webforms).
Authentication in RBAC consists of verifying the identity of the user through a two step process:
• Identification: Stating who you are;
• Authentication: Proving who you are.
Two types of needs:
• You may need to create a list of user accounts/passwords from scratch.
• You may already have Windows accounts stored in Active Directory and need to re-use it at application level.
The solution:
Visual Guard PowerBuilder supports login/passwords authentication.
A user account declared in Visual Guard is available for all your PowerBuilder applications.
It supports the following authentication modes:
• Visual Guard Accounts (created and managed by Visual Guard)
• Windows Accounts (local account or Active Directory account) (coming soon)
- Windows accounts/Active Directory
If you use the Windows authentication mechanism, passwords are created, stored and administered in Active Directory. You will be able to re use Windows authentication mechanism to identify users of your applications, and then assign Visual Guard profiles and permissions to this user.
- Single sign-on
If you use Active Directory to manage user accounts you may want to implement a single sign-on process: once a user is logged on in a Windows session, any application opens without asking for further credentials.
Visual Guard supports Single Sign-On configurations for Windows accounts.
- Visual Guard PowerBuilder Accounts
Visual Guard PowerBuilder has its own membership provider to manage user accounts and passwords.
Credentials are stored in the Visual Guard repository.
What type of permission can Visual Guard manage?
How Visual Guard PowerBuilder does defines permissions?
Permissions define what a user can do in an application:
Basically, you define what the user is allowed to see, do and modify in your applications based on his profile.
Specific words are used to define permissions: authorization, Rights, Restrictions, Privileges…
There are two ways of defining permissions:
The most secure way is to forbid everything by default, and then grant permissions to allow possibilities.
This way, if you forget to define a permission, the user won’t be able to do something he should, rather than accidentally do something he shouldn’t.
The faster way is to allow everything by default, and then you assign restrictions to forbid some actions.
This way is faster because typically there are fewer restrictions than permissions.
But as a result you usually end up with a role based access solution that is complex, costly to maintain and difficult to update.
The need:
By default, an application includes code that defines the permissions to run it. But this means that each time you define a permission, you need to go through the entire development process again (specification, coding, testing, deployment, etc).
This is a sharp issue because:
Applications typically are updated only every 2 or 3 months, whereas permissions can require much more frequent updates.
Bridging the gap between the functional requirements and permission’s technical implications can be very time consuming.
Complex permissions are often identified only when the application is in production, requiring an immediate fix.
The solution: Modify dynamically your applications
With Visual Guard PowerBuilder, you do not write code in the application to define permissions. Your code is dynamically modified in runtime.
You can create or modify permissions without going through the entire development cycle of coding, testing, deploying, waiting for feedback…
You can define permissions any time, even when the application is in production. They are effective immediately.
What types of permission can Visual Guard manage?
There is no limitation on what permission you can implement with Visual Guard. Any change you want to make in your PowerBuilder application and any restriction are possible.
For instance, you can:
Hide or disable fields, menu options, tabs, controls…
Switch a Window into “read only”
Filter data in a list
Modify business rules…
How Visual Guard PowerBuilder does defines permissions
Visual Guard can list all the objects and their properties. The developer uses the Developer Workshop to identify the object related to the permission and assign a new value to one of its properties (like “visible” = “false” if you want to hide a control). This permission definition is then stored in the Visual Guard repository. The application code remains unchanged. Visual Guard modifies the application at runtime according to this permission.
No comments:
Post a Comment