Efficy Overflow Q&A - Recent questions tagged security

Efficy.setUserSecurity: You can't assign a security level you don't have as default right !

Thu, 26 Sep 2024 14:17:03 +0000

I have an record on a custom entity which have the following security

From a BeforeCommit workflow trigger for this entity, I am using the following code

var secuKUser = 99999002;
Efficy.setUserSecurity(editHandle, 99999002, 271); // 99999002 = EFF_ADMINS and 271 = FullControl.

But then I get the following error, and I don't know what is wrong, does anyone have an idea?

PS : My efficy version is Efficy Entreprise 2021 - Build 12.0.27691.0

SOAP API Security

Wed, 22 Feb 2023 10:53:13 +0000

Good morning everyone,

I'm testing the configuration of the SOAP API and I'm a bit confused on how the security works.

Following the "Easy SOAP integration" project guide I created two queries : one to retrieve a contact's Key with a email parameter and another to retrieve the list of active opportunities of a specific department (no parameter, the department is set). Both query have the following security settings : Administrators group : full control.

I've setup the SOAP Group removing any Privileges and any Table Rights, only checking Query:Execute.
I've setup the SOAP User removing any User Privileges and any User Privileges in Designer ; setting the User Role as SOAP Group; removing the user from Everyone and adding it to the SOAP Group.

Testing the API calls with Postman I get the following results :
* the contact query returns the key value
* the opportunities query return no results unless I add the SOAP User to the right department group

Where does the different behaviour come from ?
Subsequently, how can I restrict the SOAP user from executing any request, allowing only the few specifically designed for the API purpose ?

Thank you for your help,

Alexandre

Efficy 12.0 user securities list is missing options

Wed, 17 Nov 2021 11:36:39 +0000

I remarked that in Efficy 2021 the list of securities options is different from Efficy 11.3 version when linking a user in the securities. Is there any reason for this change ?

PS : this can raise errors while migrating customers from previous version to Efficy 2021, so developper will need to review all serverscripts/serverJS where the function "Efficy.setUserSecurity" is used

Efficy 2021 security list option for user

Efficy 11.3 security list option for user

How does work Efficy.impersonateUser(impersonateAccount, forceUserRole)

Thu, 10 Jun 2021 13:31:38 +0000

how is working this new option for remote in Efficy 12 Efficy.impersonateUser(impersonateAccount, forceUserRole)
Is it same as Efficy.forceUserRole(roleId) but not for remote ?

It's stricly only available on remote or can we use it with an Efficy scheduler ?
My goal is to be able to change user as owner when creating a record form script.
Does it really take the role and all securities rules on creation ?

I mean that if you check the impersonate option for user in designer you can use it as an impersonate. That is the right way to use it ?

Prevent "subprojects" from being determined as content to be secured

Fri, 18 Dec 2020 13:19:24 +0000

By default, when the content of a project is secured. This content-security is applied to mails, documents and actions by default. The entities to be considered as "content" can be extended by adding a field to the entity and adding that entity in the settings (ContentEntities).

However, a subproject which is linked to a project (PROJ_PROJ) is always considered as content to be secured, regardless of the settings. *And these subprojects will have the same content-security settings*

Is it somehow possible to customize Efficy so that the linked subprojects are not considered as "Content to be secured" ?

This is highly requested by one of our customers in The Netherlands.
Thanks for any help.

security from entities

Fri, 17 Jul 2020 09:22:08 +0000

hi,
I try to inherited security from company when i create a new contact and link to the company.
I change in designer sys_settings Efficy : "contentEntities": "Docu;Acti;Mail;Oppo;Cont",
but when i try the security is not set as the company security.

How can i fix this ?

Differences between "setUserSecurity" and the combination of "setSecurityUsers" + "postSecurity " (with securitylist)

Tue, 08 Jan 2019 13:39:29 +0000

Hello Efficy Team,

I would like to know the difference between "setUserSecurity" and "setSecurityUsers" + "postSecurity " (with securitylist).

As I understand from from the documentation, "SetSecurityUsers" add user with their default securities (defined in conficy) and "postSecurity" is the function to apply those security to the record (but what if we don't call postSecurity ? What append ?). I never used it, I am not even sure I understand it correctly.

I saw the new "securitylist" provided in Efficy 11.2. Could the R&D provide an exemple ?

Thanks a lot,

Loïc

Tool to convert security values to explaination and vice versa

Tue, 14 Aug 2018 08:49:33 +0000

Hi guys i ve made a really small tool to quickly see what rights are allowed with a security value and which is the security value I need to add for a specific set of rights.

find the fiddleJs here : https://jsfiddle.net/LouisMoisyChapel/eg4rqyt8/

this is how it works :

you can obviously set the wanted checkboxes to see the value
Or you can set a value and see the checkboxes result.

this is the full code (add it in a dialog ".htm" page and run it from efficy with a url like :
https://yourcrmserver/11.0/crm/dialog?page=dialog/securityConverter.htm
)

<%SetBookmark()%>
<%LoadMacros('MacroLibrary;MacroDialog')%>
<%Macro('Doctype')%>
<html lang="<%GetLanguage(lowercase=T)%>" dir="<%OnLanguage(ar='rtl', else='ltr')%>">
<head>
<title> Manage Chart</title>
<%Macro('MetaHead')%>
<%UseStyleSheet(page='%%OnLanguage(ar="efficy-rtl", else="efficy")')%>
<%UseScript('../lib/js/vendor/modernizr.js', fixedline=T, fixedpath=T)%>
<style type="text/css">
#rightselector {
border: 1px #bbb solid;
padding: 1rem;
}

#rightselector li{
list-style: none;
}

#rightselector li span{
margin-left: 1rem;
vertical-align: top;
}

.NL_switch {
position: relative;
display: inline-block;
width: 40px;
height: 24px;
}

.NL_switch input {
display: none;
}

.slider {
position: absolute;
cursor: pointer;
top: 0;
left: 0;
right: 0;
bottom: 0;
background-color: #ccc;
-webkit-transition: .4s;
transition: .4s;
}

.slider:before {
position: absolute;
content: "";
height: 18px;
width: 18px;
left: 2px;
bottom: 3px;
background-color: white;
-webkit-transition: .4s;
transition: .4s;
}

input:checked + .slider {
background-color: #368a55;
}

input:focus + .slider {
box-shadow: 0 0 1px #368a55;
}

input:checked + .slider:before {
-webkit-transform: translateX(18px);
-ms-transform: translateX(18px);
transform: translateX(18px);
}

/* Rounded sliders */
.slider.round {
border-radius: 20px;
}

.slider.round:before {
border-radius: 50%;
}

</style>
<script>
var securityValue = 0;
var rights = [
{value: 1, label: "Search"},
{value: 2, label: "Read"},
{value: 4, label: "Write"},
{value: 8, label: "Delete"},
{value: 16, label: "Show content"},
{value: 32, label: "Add content"},
{value: 64, label: "Update content"},
{value: 128, label: "Delete content"},
{value: 256, label: "Secure"},
{value: 512, label: "Secure content"},
{value: 2048, label: "No content"}
];

/**
* Load modules for widgets
**/
function Loaded(){

requirejs([
"jquery"
], function($){
__debug = true;

$.each(rights, function(_index, _item){
$("#rightselector").append("<li><label class='NL_switch'><input type='checkbox' id='right_" + _item.value + 
"' onclick='javascript:setSecurityValue();' class='item-checkbox'></input><div class='slider round'></div></label>" + 
"<span style='margin-bottom: 5px'>" + _item.label + "</span></li>")

});

});

console.log("Page loaded");
}

function setSecurityValue(){
securityValue = 0;
$.each(rights, function(_index, _item){
if ($("#right_" + _item.value).is(":checked")) securityValue += _item.value;
});
$("#securityvalue").val(securityValue);
}

function setRights(){
securityValue = Number($("#securityvalue").val());
$.each(rights, function(_index, _item){
var temp = _item.value & securityValue;
if (temp === _item.value) $("#right_" + _item.value).prop("checked", true);
else $("#right_" + _item.value).prop("checked", false);
});
}

</script>
</head>
<body onload="Loaded()" data-keep-size>
<div class="row dialog-wrapper" data-channel="dialog/main">
<div class="small-12 columns button-group toolbar">
<h3 class="section-title">
<%GetLabel('Security converter')%>
</h3>
</div>

<div class="row small-12 medium-6 large-4 columns left">
<ul id="rightselector">

</ul>
<label style="margin-left: 1.1rem;">Security value
<input type=number width="100%" id="securityvalue" onchange="setRights()"/>
</label>
</div>
</div>

<!--</body>-->

<%Macro('DialogScriptsRequire')%>
<%UseScript('../../lib/js/jquery/jquery', fixedline=T)%>
<%UseScript('../../lib/js/fnd/foundation', fixedline=T)%>
</body>
</html>

It should be enough to make it work (tell me if not)

It would be definitly cooler if Efficy could add it on Edn.
best regards

Origin of some filters in sys_queries

Mon, 23 Jul 2018 10:11:19 +0000

Hello,

We're having issues to find some items trough the "Search Company" popup (pages/Search.htm).

So we compared the queries executed for these users and discovered that some filters were added at the end of the queries :

 AND ((0 <> 0) OR EXISTS (SELECT S1.K_USER FROM ADMIN.ACC_GROUPS S1, ADMIN.COMP_USER S2 WHERE S1.K_USER = S2.K_USER AND S1.K_USER2 = 61 AND S2.K_COMPANY = COMPANIES.K_COMPANY))
 AND ((0 <> 0) OR (ROLES.K_ROLE IS NULL) OR EXISTS (SELECT S1.K_USER FROM ADMIN.ACC_GROUPS S1, ADMIN.ROLE_USER S2 WHERE S1.K_USER = S2.K_USER AND S1.K_USER2 = 61 AND S2.K_ROLE = ROLES.K_ROLE))

Example of a query executed by a user who does not find the searched item (the specific filters are in the 3 last lines) :

SELECT 
  COMPANIES.K_COMPANY,
  COMPANIES.NAME,
  COMPANIES.F_S_NAME,
  COMPANIES.VAT,
  COMPANIES.BUILDING,
  (select COUNTRY from ADMIN.LK_COUNTRY L1 where L1.K_COUNTRY=COMPANIES.COUNTRY) AS R_COUNTRY,
  COMPANIES.POSTCODE,
  COMPANIES.CITY,
  COMPANIES.STREET,
  COMPANIES.STREETNUMBER,
  COMPANIES.F_BUS,
  COMPANIES.OPENED,
  ROLE_COMP.F_TALKID,
  ROLES.F_TYPE,
  (select F_NAME_NL from ADMIN.LK_CLIENT_ROLE L2 where L2.K_CLIENT_ROLE=ROLES.F_TYPE) AS R_F_TYPE,
  (REPLACE((select REPLACE(';' +  rlr.F_N_BOEKHOUDING + ';', ';;', '') from ROLE$LR rlr join role_comp rc on rc.K_ROLE = rlr.K_ROLE and rc.K_COMPANY = COMPANIES.K_COMPANY FOR XML PATH('')), ';;', ';')) AS V_N_BOEKHOUDING_COMP,
  (REPLACE((select REPLACE(';' +  rlr.F_N_LEASEHOLD + ';', ';;', '') from ROLE$LR rlr join role_comp rc on rc.K_ROLE = rlr.K_ROLE and rc.K_COMPANY = COMPANIES.K_COMPANY FOR XML PATH('')), ';;', ';')) AS V_N_LEASEHOLD_COMP
FROM
  ADMIN.COMPANIES COMPANIES
LEFT OUTER JOIN ADMIN.ROLE_COMP ROLE_COMP ON (COMPANIES.K_COMPANY = ROLE_COMP.K_COMPANY)
LEFT OUTER JOIN ADMIN.ROLES ROLES ON (ROLE_COMP.K_ROLE = ROLES.K_ROLE)
WHERE
  (ROLES.F_TYPE IS NULL OR ROLES.F_TYPE IN (7) OR NOT EXISTS(SELECT rc.k_role FROM role_comp rc INNER JOIN roles r ON rc.k_role = r.k_role WHERE rc.k_company = companies.k_company AND r.f_type IN (7)))
  AND (
(COMPANIES.F_S_NAME like N'%710081%')
) 
 AND ((0 <> 0) OR EXISTS (SELECT S1.K_USER FROM ADMIN.ACC_GROUPS S1, ADMIN.COMP_USER S2 WHERE S1.K_USER = S2.K_USER AND S1.K_USER2 = 61 AND S2.K_COMPANY = COMPANIES.K_COMPANY))
AND ((0 <> 0) OR (ROLES.K_ROLE IS NULL) OR EXISTS (SELECT S1.K_USER FROM ADMIN.ACC_GROUPS S1, ADMIN.ROLE_USER S2 WHERE S1.K_USER = S2.K_USER AND S1.K_USER2 = 61 AND S2.K_ROLE = ROLES.K_ROLE))
ORDER BY COMPANIES.NAME

We don't know what generates these filters.

If I look for this same item, I get the following filters (the real difference is in the begin of the 2 first lines ==> "(1 <> 0)" vs "(0 <> 0)"):

AND ((1 <> 0) OR EXISTS (SELECT S1.K_USER FROM ADMIN.ACC_GROUPS S1, ADMIN.COMP_USER S2 WHERE S1.K_USER = S2.K_USER AND S1.K_USER2 = 493 AND S2.K_COMPANY = COMPANIES.K_COMPANY))
AND ((1 <> 0) OR (ROLES.K_ROLE IS NULL) OR EXISTS (SELECT S1.K_USER FROM ADMIN.ACC_GROUPS S1, ADMIN.ROLE_USER S2 WHERE S1.K_USER = S2.K_USER AND S1.K_USER2 = 493 AND S2.K_ROLE = ROLES.K_ROLE))

We looked at a lot of security options in conficy but could not find anything that could tell us what it is. The only thing we know is that if we remove those lines, we get the desired results.

Is there another place where we should look for this information ?

Kind regards,

Angel

Content security feature default security value not selectable

Mon, 25 Jun 2018 14:48:23 +0000

In conficy

if I want to set the default security of a group about an entity that has the EntitiesWithSecureContent option. ( + CONTENTSECURED field)

I don't have the contentSecurity options in the list of security to apply. this is hardly costumizable since the security option list is managed by a tag

<%GetDefaultSecurityList()%>

that is not overridable...

is there a way to change the default security level with a contentsecurity level?

Of course i can directly change it in DB with sql but Stephane Roncin made me realize that the default conficy page will probably stop to work since those values are not displayable...

Thanks for your feed back

How to remove security using Efficy Functions serverside?

Thu, 22 Mar 2018 15:48:57 +0000

Hi,

From a workflow script I try to remove securities from specified users.

The documentation says that RemoveUsers only affect visible Users so it s not what I need.
I ve try to calculate the Users I want to keep in securities and apply a SetSecurityUsers because the documentation told me that the other users will be removed from security but this doesn't work either in Efficy SP2+
I ve try to used a custom storedProcedure to delete the Comp_User records, but this doesn't refresh my ContextHandle so basically it s not the good behaviour either.

Basically I just want to know how to remove a user from the securities of a record...

Please help.

add condition in sys_query to get security > N

Wed, 18 Oct 2017 11:41:26 +0000

Hello,

I'm trying to add to custom sysqueries comany search kmaster=10, kdetail=-2 condition clause "COMPUSER.SECURITY > 1" so users can see only companies linked to their groups with more than search rights.

[Select]
COMPANIES.K_COMPANY
COMPANIES.NAME
COMPANIES.BUILDING
COMPANIES.PHONE1
COMPANIES.CITY
COMPANIES.OPENED
COMPANIES.F_COMPANY_SHORT
COMPANIES.F_COMPANY_KIND
COMP_USER.K_USER hidden

[From]
COMPANIES
COMPANIES COMP_USER

[Where]
COMP_USER.SECURITY > 1 [fixed]

[Orderby]
COMPANIES.NAME

[Columns]
MENU,NAME{NAMESEARCH},R_F_COMPANY_KIND,BUILDING,PHONE1{PHONE},CITY

[Options]
Distinct=1

But in the querylog, i see the query is executed but the condition clause is skipped.

SELECT DISTINCT 
  COMPANIES.K_COMPANY,
  COMPANIES.NAME,
  COMPANIES.BUILDING,
  COMPANIES.PHONE1,
  COMPANIES.CITY,
  COMPANIES.OPENED,
  COMPANIES.F_COMPANY_SHORT,
  (select F_FULLNAME from ADMINDOMO.LK_COMP_COMPANYKIND L1 where L1.K_COMP_COMPANYKIND=COMPANIES.F_COMPANY_KIND) AS R_F_COMPANY_KIND
FROM
  ADMINDOMO.COMPANIES COMPANIES,
  ADMINDOMO.COMP_USER COMP_USER
WHERE
  COMPANIES.K_COMPANY = COMP_USER.K_COMPANY
  AND (
(COMPANIES.NAME like N'%%%')
)

 AND ((0 <> 0) OR EXISTS (SELECT S1.K_USER FROM ADMINDOMO.ACC_GROUPS S1, ADMINDOMO.COMP_USER S2 WHERE S1.K_USER = S2.K_USER AND S1.K_USER2 = 12 AND S2.K_COMPANY = COMPANIES.K_COMPANY))
ORDER BY COMPANIES.NAME

Any one has a clue please?

Thank you in advance for your help.

Best Regards.

Modify Search query to get user's linked group in security

Fri, 10 Mar 2017 11:05:34 +0000

Hello,

A client using Efficy 10 SP2 has certain groups linked (in security) to all companies and products. So in this case all users can search only for what they concern about.

But also the client wants tree view working to show all linked companies and products (just names even if they don't have access to) so they can know the hierarchy. In SP2 we can accomplish this by setting "Search" rights on all companies and products for all users so the tree view works as desired.

But as side effect, now users get all companies and products in the search window (even the ones they don't have access to), so instead of searching 400 companies, now users get 16000 records which they have access to 400 of them.

so how can i customize the search query "Comp Search, KMASTER=10, kDETAL=-1" so it only retrieve companies linked to user's group in security.

Thank you for your advise in advance.

Best Regards.

Make field editable or readonly based on group rights

Mon, 07 Nov 2016 11:48:08 +0000

I added a boolean checkbox field for the agenda/appointments. This field should be readonly for all users, except for one security group. How do I have to do this? The current value (checked or not checked) should be visible for everybody.

Thanks for your help!

Error on applying security inheritance on parent project

Fri, 22 Jan 2016 12:44:09 +0000

Hello,

I'm trying to apply security on parent project and the security should be applied sub-projects and all documents linked to parent directly or to its sub-projects, but i'm getting this error

Please advise.
Thank you.
Best Regards.

Modify security on parent project and update all subsequent projects+dcouments

Fri, 22 Jan 2016 12:31:51 +0000

Hello,

I have project records(parent) that have projects and document under (children), and i want ot update the parent security in script and i need to be reflected to children. the filed "CONTENTSECURED" is already on. But it's not reflected to the children.

the structure is as in the snapshot (paretn is "ANBE_50604" and all projects and sub-projects and all documents linked to parent directly or to its sub-projects need to be updated)

Please let me know your advise.
Thank you.
Best Regards.

adding default security inheritance on an entity & multiple security inheritance

Wed, 13 Jan 2016 15:53:39 +0000

How to add security inheritance to an Entity (Only on project by default)? And how are multiple inheritance treated?

max login attempts for efficy 2012

Mon, 10 Aug 2015 12:08:34 +0000

Hi All,

I got a customer request to implement a 3 max login attempt for Efficy 2012.

We cannot upgrade to Efficy 2014.
Is it possible to use the Efficy 2014 max login attempt functionality as a customisation on Efficy 2012?

kind regards,
Mark