Making Object Types Read-Only

This topic describes how to make an object type read-only so that the user can view it but not modify it. The example in this topic makes the account object type read-only.

To make object types read-only

1. Use a JavaScript editor to open the security_utils.js file.

2. Add the object type that you must make read-only to the array of security descriptors that Siebel CRM Desktop uses:

   1. Locate the following function:

      siebel_security_manager()
      

   2. Locate the following code that resides in the function that you located in step a:

      factories = {
        "Action": security_manager.factory_from_constructor(activity_security),
        ...
        "Account": security_manager.factory_from_constructor(account_security),
        "Opportunity": 
        security_manager.factory_from_constructor(opportunity_security),
      };
      

      This code defines the array of security descriptors. A security descriptor is a type of object that includes a set of methods, including methods that Siebel CRM Desktop uses to determine access. Each object in Siebel CRM Desktop includes a security descriptor.

   3. Add the following code to the factories object that you located in step b:

      "custom_object":security_manager.factory_from_constructor(function_name)
      

      where:

      • custom_object identifies the object type of the custom object.

      • function_name identifies the name of the function that Siebel CRM Desktop uses to construct the security descriptor. .

      For example, add the following code:

      "Account":security_manager.factory_from_constructor(account_security)
      

3. Specify the function that determines if the user possesses the permission to modify the form:

   1. Locate the function that you specified in step c above.

   2. Add the following code to the function that you located in step a.

      base_security.call(this, ctx, item_ex, {
      "modify_filter": modify_check_function
      });
      function custom_object_security(ctx, item_ex)
      {
      base_security.call(this, ctx, item_ex, {
      "modify_filter": function
      });
      

      where:

      • custom_object_security specifies the name of the function that Siebel CRM Desktop calls to determine if the user possesses the permission to modify the form.

      For example, you can use the following code for the account object:

      base_security.call(this, ctx, item_ex, {
      "modify_filter": modify_check_function
      });
      function account_security(ctx, item_ex)
      {
      base_security.call(this, ctx, item_ex, {
      "modify_filter": function
      });
      

4. Define the function that you specify in step 3. Use the following code:

   function modify_check_function(ctx, sd, item_ex, value)
   {
     value.and_value = false;
     value.or_value = false;
   }
   

   where:

   • modify_check_function must be the function that you specify in step 3.

   • sd provides access to the access method that the security descriptor uses, such as modify_access, delete_access, or link_access.

   • and_value and or_value must be set to false to make an object type read-only. These parameters determine the result of the following calculation:

     resulting_value = (value || or_value) && and_value;
     

     Note the following:

     • If Siebel CRM Desktop calls an access checking method, such as modify_access or delete_access, then the access checking method returns a value in resulting_value.

     • If or_value and and_value are true, then resulting_value is true.

     • If or_value or and_value is false, then resulting_value is false.

     • The value parameter is predefined. You cannot modify it. You can modify or_value and and_value.

   You can define this function anywhere in the security_utils.js file. It recommended that you define it near the custom_object_security function.

5. (Optional) Make the object type read-only depending on a condition.

   You can configure Siebel CRM Desktop to examine an object, and then set and_value and or_value to false or true, depending on the results of this examination. For example, the following code determines if a custom field of an object includes a value, where the value is the check mark in a checkbox. If it does, then it sets Can modify to false, and then sets the values for and_value and or_value depending on the value of Can modify:

   function modify_check_function(ctx, sd, item_ex, value)
   {
     var modification_allowed = item_ex.get_property("Can modify").checked;
     value.and_value = modification_allowed;
     value.or_value = modification_allowed;
   }
   

Function That Siebel CRM Desktop Uses to Construct Security Descriptors

The function that Siebel CRM Desktop uses to construct security descriptors resides in the security_utils.js file. For example, Siebel CRM Desktop uses the following function to construct the security descriptor for the account object type:

function account_security(ctx, item_ex)
{
base_security.call(this, ctx, item_ex, {
"modify_filter": account_read_only,
"link_filter": account_link_filter,
"delete_filter": function(ctx, sd, item_ex, value) {value.or_value = true; 
value.and_value = true}
});
}

The base_security function constructs the default security descriptor. This descriptor includes the predefined methods that set access. Siebel CRM Desktop uses the base_security function during a call from the security descriptor function of any object, and it uses the values that this function contains. The security descriptor uses the following constructor function, and Siebel CRM Desktop uses the default values from this function for all access methods. So, it is not necessary for you to write code in every function that Siebel CRM Desktop uses to construct a descriptor:

function custom_object_security(ctx, item_ex)
{
base_security.call(this, ctx, item_ex);
}

where:

• custom_object_security specifies the name of the function that Siebel CRM Desktop uses to construct the object descriptor. For example, Siebel CRM Desktop uses the account_security function to construct the object descriptor for an account.

• this, ctx, item_ex are the default set of parameters that Siebel CRM Desktop uses. You can add more options to define the default access methods and the values that they return.

Setting the Security Descriptor

sd (security descriptor) is the security_descriptor object that Siebel CRM Desktop uses for the object where you are modifying access. You can use it to examine other types of permissions. For example, the following code prevents the user from deleting or modifying an object. If the delete_access method that the security descriptor references returns a value of false, then Siebel CRM Desktop sets and_value and or_value to false:

function modify_check_function(ctx, sd, item_ex, value)
{
if (sd.delete_access())
  {
  value.and_value = false;
  value.or_value = false;
  }
}