Visual Guard by Novalys
Manage the authentication and authorization of users

Finally, here is a solution that will resolve, once and for all, a problem I've been having ever since I started my development: how to easily secure my application according to the user profile.

I have stopped counting the number of times I've been asked to develop an application and then, right in the middle of the development process, I had to urgently restrict access to specific users. Since the code was not made for that, I have found myself modifying the application to manage profiles just so I could disable a menu. Once you start dealing with this problem, you realize that you have to store this information somewhere before developing screens in order to manage users and roles, etc.

Eventually, after facing the same problem over and over, I ended up developing my own solution that I try to use from project to project, but nothing as efficient and reliable as what Visual Guard offers.

Indeed, this tool provides a complete framework, allowing you to manage the authentication and authorization of users. It also includes an administrative and development console that allows you to manage all those actions easily.

When I first started learning Visual Guard, I was afraid it would impose a very strict security model on me, forcing me to adapt the design of my screens to meet its own constraints. However, you quickly realize that Visual Guard is very non-intrusive to the application code, and here lies the elegance of Visual Guard. It enables you to almost completely separate the security process from the rest of the application. During my tests, I was even able to integrate it within a previously written application.

How Does Visual Guard Work?
First, the developer must integrate Visual Guard within his or her PowerBuilder application. The first step is easy: just add two PowerBuilder Libraries to your application and then initiate Visual Guard. A variable declaration and a few calls to services will be enough to start using Visual Guard.

The project that I tested Visual Guard with already had its own log-in window. I replaced the call for the authentication function with the one provided by Visual Guard. It's also possible to use your own authentication system (as is the case with the Windows or database logins).

To secure the objects of the application, the developer must call Visual Guard from each object (see Figure 1). Usually, it's added to the open event of your window ancestors.

And then?...Well, that's it! At least for what has to be coded. Didn't I tell you that Visual Guard was very non-intrusive?! To be honest, that is enough if you just have to modify "elements" from a window (disable keys, hide fields, etc.). Otherwise, you'll have to insert a line of code into the constructor of the designated object.

As for the rest, everything is done with Visual Guard tools:

  • The Developer Workshop that defines, in a very simple way, the restriction and permission actions on the application objects (hide, show, disable, protect application elements, etc.).
  • The Profile Manager that allows you to define users and profiles (relations between permissions and users). This console does not require any specific technical skills. You can assign it to a user under the condition that his or her position in the company allows him or her to attribute permissions.

All the information about security is stored in a repository (a database) initialized by a Visual Guard wizard.

I was very happy to see that the repository can handle multiple applications. This means that you only have to define users once and they will be known by all secured applications. Permission management is centralized in just one database.

Once the repository is created, you must indicate which application has to be secured. You then have to define permissions (named "functions" in Visual Guard), which will be attributed to users; for example, "hide salary" or "hide personal information."

For each permission, define which actions to do on the application (hide a field, for example). These actions will be executed dynamically by Visual Guard when a user is associated with this permission.

You must then create Profiles. A Profile allows you to group users who have the same position in the company (and the same usage of the application): salespeople, managers, etc. A Profile is a group of permissions associated with users at the same level within the company.

Once this security data has been captured by Developer Workshop and the Profile Manager's modules, you can then initiate the application. Once the user is authenticated, Visual Guard will dynamically grant access (or not) to the permissions of the application (for example, it will hide the "salary" field).
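The model described above (permissions made of actions, profiles grouping permissions, users attached to profiles per application), sketched as an added example; it is not Visual Guard's API or the author's code, and every name in it (`Repository`, `actions_for`, the window, control and user names) is constructed for illustration. It assumes that a user with no profile is refused rather than shown the unrestricted window, and that "hide" takes precedence over "disable" when two permissions touch the same control.

```python
# Illustrative model of the repository described above; NOT Visual Guard's API.
# All names and sample data are constructed for this example.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Action:
    window: str   # window the action applies to
    control: str  # control inside that window
    effect: str   # "hide" or "disable"

@dataclass
class Repository:
    permissions: dict = field(default_factory=dict)  # permission -> [Action]
    profiles: dict = field(default_factory=dict)     # profile -> [permission names]
    users: dict = field(default_factory=dict)        # user -> {application: profile}

    def actions_for(self, user, application, window):
        """Return {control: effect} to apply when `window` opens for `user`."""
        profile = self.users.get(user, {}).get(application)
        if profile is None or profile not in self.profiles:
            # Permissions here are restrictions, so a user without a profile
            # would otherwise see everything: fail closed (assumption).
            raise PermissionError(f"{user!r} has no profile for {application!r}")
        result = {}
        for perm in self.profiles[profile]:
            for act in self.permissions[perm]:
                if act.window != window:
                    continue
                # Assumed precedence: "hide" is never downgraded to "disable".
                if result.get(act.control) != "hide":
                    result[act.control] = act.effect
        return result

def sample_repository():
    """Constructed data: one application, two permissions, two profiles."""
    repo = Repository()
    repo.permissions = {
        "hide salary": [Action("w_employee", "sle_salary", "hide")],
        "hide personal information": [
            Action("w_employee", "sle_address", "hide"),
            Action("w_employee", "sle_salary", "disable"),
        ],
    }
    repo.profiles = {
        "salespeople": ["hide salary", "hide personal information"],
        "managers": [],
    }
    repo.users = {"alice": {"hr_app": "managers"}, "bob": {"hr_app": "salespeople"}}
    return repo
```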

Pros
Visual Guard provides a complete solution to secure your applications. It covers most of the needs I've encountered in this field. It's easy to implement and provides an original approach by separating security management from the rest of the code. It avoids having to modify, test, compile, and deploy the code each time the security rules are modified.

Another point of interest: with Profile Manager, user management can be assigned to administrators or users, which saves us from being called up every time users have new demands.

Cons
The personalization of the application by Visual Guard can go very far. Technically, we could use it for needs not specifically related to security (modifying management rules according to specified users, for example).

Be aware of this approach though. The "dynamic" aspect of the application adds a level of complexity that could make it difficult to maintain.

NOVALYS

41/43, rue Paul Bert
92100 Boulogne, FRANCE.
Phone: +33 1 41 31 82 82 Fax: +33 1 41 31 82 90
E-mails:
contact-vg@novalys.net
support.vg@novalys.net

Technical Requirements

  • PowerBuilder 5 to 10.5
  • VB.NET, C#, ASP.NET or ASP.NET 2.0
  • .NET Framework 1.1 or 2.0

About Herve Crouzet
Herve Crouzet is an independent contractor in the Paris area. He has been using PowerBuilder since version 2. Hervé has developed several products and frameworks for PowerBuilder developers and has participated in many French PowerBuilder projects over the years.
