Tutorial - Advanced Security - Static User Level Security

In this tutorial we will show you how to set up static User Level Security in PHP Report Maker. We will use the demo database for demonstration.

User Level
User Level Security secures data at table level. Each user level is granted specific permissions on tables in the database, so users with different user levels have different rights.

Note: User Levels and their permissions are defined in the project. If you change these settings after script generation, you'll need to modify the generated scripts or regenerate them. (Dynamic User Level as provided by PHP Report Maker is not supported by PHP Report Maker.)

The "Employees" table and "Orders" table in the demo.mdb will be used in this example.

Fields in Table "Employees"

Fields in Table "Orders"

Steps to Set Up Static User Level Security

1. Loading PHP Report Maker

Open PHP Report Maker and connect to the demo database. Note that the tables and views are not selected by default; these tables and views are the source tables of your reports. However, to demonstrate User Level Security, we use these tables directly in this tutorial for simplicity. The setup for Detail and Summary Report and Crosstab Report is exactly the same.

In the database pane, check the "Orders" table and some other tables to generate simple reports for them. (Alternatively, you can also select tables in the [Generate] column of the Table Setup page.)

2. Setting up User Access Levels

Click on the [Security] tab. There are two sections for the login process:

Administrator Login
If you tick this option, a hard-coded Administrator account will be generated which has full access rights to all tables/views.

Use Existing Table
Tick this option to set up the user access levels. You should select the security table and the corresponding Login Name and Password fields.

To set up the user levels, click on the [Advanced] button. A popup window will appear. Click on the [User Levels] button. Select the User Level Field.

Note: The User Level field must be of integer data type. Non-integer fields will not be shown in the User Level Field combobox.

There are two built-in user levels:
Administrator - Administrator is a built-in user level that has all permissions plus the privileges to modify User IDs and User Levels. Its permissions are the same as those of the hard-coded Administrator Login. The User Level ID of Administrator is -1.
Default - Default is a built-in user level with user level = 0. Since the User Level field is an integer field, if you set a default value of 0 for this field, this user level becomes the user's level after registration and until the Administrator assigns another, higher user level.

Note: The Anonymous built-in user level in previous versions is deprecated.

Click to add a new user level. Enter the description and default permissions. Click OK to finish.

For each user level, you can refine the permissions for different tables/views. Click OK to finish.

3. PHP Script Generation

Click the [Generate] button and PHP Report Maker will generate the required PHP scripts automatically.

4. Running the PHP Application

To see Advanced Security at work, we log in using "andrew" as user name and "1234" as password. The user is of "Manager" user level. In the menu, you'll see that you can access all allowed reports.

Now we log out and then log in again as employee #1 using "nancy" as user name and "1234" as password.

According to the user levels we defined, users with the "Sales" user level have view permission on the "Orders" table only. In the menu, you'll see no links to other reports.

If you try to go to other reports by typing the URL directly in your browser, you're not allowed to view them and you'll be redirected back to a report that you have permission to view.
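The behaviour described above (the check applies to the request itself, not just to the menu links) can be sketched as follows. This is an added illustration, not code generated by PHP Report Maker: the level IDs -1 and 0 come from this tutorial, while the IDs 1 and 2, the "Manager" permissions, and all function names are assumptions.

```php
<?php
// Added illustration, not PHP Report Maker's generated code.
const LEVEL_ADMIN = -1;   // built-in Administrator (ID from the tutorial)
const LEVEL_DEFAULT = 0;  // built-in Default (ID from the tutorial)

// Static map: user level ID => tables the level may view (layout is hypothetical).
function permissions(): array
{
    return [
        LEVEL_DEFAULT => [],                                   // nothing until promoted
        1 => ['Orders' => true],                               // "Sales" (ID assumed)
        2 => ['Orders' => true, 'Employees' => true],          // "Manager" (ID and tables assumed)
    ];
}

function canView(int $level, string $table): bool
{
    if ($level === LEVEL_ADMIN) {
        return true;                         // Administrator has all permissions
    }
    $map = permissions();
    return $map[$level][$table] ?? false;    // unknown level or table: deny
}

// Decide the outcome of a direct request for a report on $table.
function authorize(?int $level, string $table, array $tables): array
{
    if ($level === null) {
        return ['login', null];              // no session: force login
    }
    if (canView($level, $table)) {
        return ['render', $table];
    }
    foreach ($tables as $t) {                // redirect to the first permitted report
        if (canView($level, $t)) {
            return ['redirect', $t];
        }
    }
    return ['login', null];                  // no permitted report at all
}

// Constructed requests: [user level, requested table].
$requests = [[1, 'Employees'], [1, 'Orders'], [2, 'Employees'],
             [LEVEL_DEFAULT, 'Orders'], [LEVEL_ADMIN, 'Employees'], [7, 'Orders']];
foreach ($requests as [$level, $table]) {
    [$action, $target] = authorize($level, $table, ['Employees', 'Orders']);
    printf("level %2d requests %-9s -> %s %s\n", $level, $table, $action, $target ?? '');
}
```

When testing a generated application, request each report URL directly under each user level and confirm the server refuses or redirects; hidden menu links alone do not prove the check is enforced.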

Note: There are two types of Advanced Security implemented in PHP Report Maker - User ID Security and User Level Security. User ID Security secures data at record level; User Level Security secures data at table level. They can work independently or work together. See the following tutorial also.

Also See:

Advanced Security - User ID Security
Advanced Security - Dynamic User Level Security

 ©2007-2011 e.World Technology Ltd. All rights reserved.