ERP/2.50/Developers Guide/Concepts/Security Model

Introduction

This section discusses how different Openbravo security concepts influence development in Openbravo.

Openbravo's security concept consists of three main parts:

• Multi-Client/Multi-organization: defines which client/organizations are visible to a user and referenceable from other client/organizations.
• Data access level (of a table): defines the client/organization which is allowed for data stored in a specific table. See the access level field of AD_Table.
• Access definition: Openbravo has several access definitions, allowing for fine-grained access control, see the tables in the org.openbravo.model.ad.access package.

This section will discuss security and access definitions from the perspective of a developer. Where necessary references to functional documentation is used.

The developer can work in two modes in Openbravo: 1) traditional: using sqlc etc., 2) data access layer: using the new data access layer. Both approaches are discussed separately.

Openbravo Security Concepts

The following functional documents give a good introduction in Openbravo security concepts:

• Security Setup
• Security Multi-Organization
• How to define user, roles, privileges and menus
• Configuration Manual, configuring roles and users

Security concepts and Openbravo Servlets

The tables in the org.openbravo.model.ad.access package define access control for windows/tabs, processes, workflow etc.

The security checks using this table are implemented by the HttpSecureAppServlet servlet. Any servlet extending this class will automatically inherit this security implementation.

Security concepts and XSQL and Manual Code

Openbravo provides a standard way to extend sql queries with filters for accessible clients and organizations. This is discussed in detail in this section of the developers guide:

• XSQL Definition
• XSQL Java Usage

Security concepts and the Data Access Layer

For the developer the Data Access Layer provides several interfaces (OBCriteria and OBQuery) that take automatic care of specific security aspects:

• filter for readable clients/organizations
• filter for readable tables (based on AD_Window_Access)

In addition checks are done when retrieving a value of a property. The data access layer makes a distinction between the following two read-modes (on object level):

• direct readable: all properties of the object are readable, this readability is defined by the AD_Window_Access table
• derived readable: only the id and identifier properties are readable, derived readable entities are the entities which are not directly readable but are refered to by directly readable entities.

The DAL also checks write access when changing properties of a business object. Write access is also checked when an object is saved to the database. The following checks are done:

• the user has write access to the client/organization
• the user has write access to the table of the object (defined in the AD_Window_Access table)
• the client/organization of the object fit to the access level of the table
• the object only refers to other objects which are in the natural tree of organizations of the object itself

The data access layer also performs specific authorization checks when an object is deleted: the user must have access to the object and it must be deletable.

For much more information on how the Data Access Layer implements security see this link.

For more information on the Data Access Layer and multi-client/multi-organization see this link.

 New Selectors |  Multi-Client and Multi-Org