Secured Variables resolve to values based on the User that is logged into the system. They are derived from an individual User or a User’s Domain. They are applied to queries in the pipeline like Node Variables, but their values are based on a User’s identity rather than a record in the underlying dataset.
Default Secured Variables can be treated two different ways within the system:
To create a default Secured Variable, select “Manage By: Defaults”, and then click on the “Secured Variables” tab.
The following actions are available via footer controls:
Delete a Secured Variable from the system. Deleting a default secured variable is a global action which affects Domains and Users. This action requires first selecting a Secured Variable.
Once a default Secured Variable has been created, an administrator can set up different values to use for individual Users, or for groups of users (Domains).
See Defaults for more information.
Shows the globally defined “Default” value for this Secured Variable. This value is in effect when “Inherited?” is set to “Yes”.
When inheriting values for Secured Variables, the “Default Value” will be displayed as a reference.
When trying to inherit a Secured Variable that has no default value set, a warning message will appear in place of the “Default Value”.
Overriding Secured Variables can be done statically, with a STRING value.
A more advanced “Expression” option is also available to dynamically create values based on common objects, such as the login name for a User.
To take advantage of the Secured Variables that have been configured, they have to be introduced into queries using the Insert > Secured Variable button. This is done in the in the pipeline.
The example below assumes we have information from multiple companies, and that the administrator wants to limit those records based on the company a specific user works for. The resulting query would look something like this:
The green block used in the where clause shows a Secured Variable. The CompanyName Secured Variable will resolve to the value set up in the provisioning interface. For example:
Because the Secured Variable is used inside of a WHERE clause, it will act as a filter. The CompanyName Secured Variable will evaluate based on the user that is logged into the system. Depending on how the provisioning has been set up, CompanyName will resolve to one of the following:
The order is important here. A value set at the user level with override the Domain value, and a value set at the Domain level will override the default value.