VPA Restrictions and Custom Data Access

The core provides additional API methods and binding expressions to allow application developers to customize how VPA restrictions are applied. Application developers must use the VPA programming guidelines described below when programming any data access code in Java or when creating custom SQL in the AXVW.

For an overview of VPA, see Application-Level Virtual Private Archibus

Implementing Custom Business Logic

When you implement custom business logic in Java, the standard Archibus APIs apply the VPA according to these rules:

You usually do not need to use the VPA in workflow rules implementing custom business logic. For example:

When developing custom business logic, you need to make a decision: to which category this Java code belongs:

Situation Action
Producing raw data to be presented in a form or grid Apply the VPA.
Producing aggregated data Typically, you do not need to apply the VPA.
Implementing a workflow process Typically, you do not apply the VPA.
Exception: when the workflow rule should be executed only on the data that the current user can access

To disable the VPA in an AXVW datasource, use the applyVpaRestrictions attribute:

<dataSource id="ds0" applyVpaRestrictions="false"> 

When writing custom SQL queries in the AXVW datasource, the default VPA restriction may be disabled using the >applyVpaRestrictions attribute and the restriction added to the custom SQL query directly using ${sql.vpaRestriction}:

<dataSource id="ds0" applyVpaRestrictions="false">
<sql dialect="generic">SELECT rm_id FROM rm WHERE ${sql.vpaRestriction}</sql>
... 

Examples of VPA programming in the AXVW can be found in ab-ex-report-grid-sql-vpa.axvw.

To customize default VPA restrictions when executing a custom SQL query:

  1. Disable default VPA restrictions for this DataSource:

    DataSource ds = …
    // do not apply the VPA restrictions
    ds.setApplyVpaRestrictions(false); 

  1. Add the VPA expression to the custom SQL query:

    // use the VPA expression in the custom SQL query
    // if the current user/role has no VPA, the expression will be resolved as (1=1)
    String customSql = “SELECT COUNT(*) … FROM … WHERE … AND (${sql.vpaRestriction})”;
    ds.addQuery(customSql);

To customize default VPA restrictions when executing a custom SQL query defined in the AXVW:

  1. Disable default VPA restrictions for this DataSource:

    <dataSource id="ds0" applyVpaRestrictions="false"> 

  1. Add the VPA expression to the custom SQL query:

    // use the VPA expression in the custom SQL query
    // if the current user/role has no VPA, the expression will be resolved as (1=1)
    <sql dialect="generic">SELECT COUNT(*) … FROM … WHERE … AND (${sql.vpaRestriction})</sql>

See Also

Add-In Manager/Reference: Binding Expressions/Binding Sources/Binding Sources: SQL

Further examples of VPA programming in the AXVW are found in the following view:

http://localhost:8080/archibus/schema/ab-products/solutions/parts/grid/ab-ex-report-grid-sql-vpa.axvw