Versions Compared

Old Version 6

changes.mady.by.user Saumya Sunder (Inactive)

Saved on

compared with

New Version 7

changes.mady.by.user Smita Nair

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

width600px

Description

...

Include Page
TEMP:How to implement role

...

based security

...

Steps

  1. Have the database administrator define roles for each Confluence user by user id and set appropriate authority to data based on roles. A role for anonymous should also be added.
  2. Go to UPM and find the SQL
  3. Press the Configure button
  4. Add a data source profile 
    • Add a dataSource parameter to reference an application server data source if it has a different name that the profile
    • Add beforeSql and afterSql parameters similar to the example below
  5. The new profile is available immediately - test it on a page to ensure expected behavior
Tip
titleImplementation without page updates

Once you are finished testing, you can use data source alias support to change an existing (application server) data source to use the new role-based security model without requiring any page updates. Simply rename the data source profile to the same name as the existing (application server) data source already used in the SQL macros.

Warning
titleCache macro

The Cache Macro should not be used around any content that is rendered differently for different users. The role-based model described here renders differently depending on the user, so the Cache Macro should not be used in this case.

Example

For Postgres, the following SQL works:

No Format
beforeSql=begin; SET LOCAL ROLE @user_id@; 
afterSql=; rollback;

The substitution variable @user_id@ is replaced in SQL by the SQL macros with the current logged in user id or anonymous (if not logged in).

...

for SQL queries - 8.x
TEMP:How to implement role based security for SQL queries - 8.x