Different addins menu based on user's DOORS group membership

Hello,

I have a situation where I need three different addins menus depending on the current user's membership in a particular DOORS group. We have three DOORS groups "Advanced User 1" through "Advanced User 3" that correspond with addins menus "Advanced User 1" through "Advanced User 3." "Advanced User 1" menu users have access to the most scripts and these are fairly benign scripts. "Advanced User 1" DOORS group will have the most DOORS group members. "Advanced User 2" menu has more powerful scripts and the "Advanced User 2" group will have fewer members. "Advanced User 3" menu will have all DXL scripts but only a select few users will be members of the "Advanced User 3" DOORS group.

Furthermore, I need to have DXL execution limited to the approved scripts in these three addins menus. Users should not be able to run their own code or modify the approved code.

In summary:
1. We need three levels of Advanced User DXL menus, access to which is controlled by a DOORS group

  • A set of scripts that almost all users can access
  • A more advanced set of scripts for experienced users
  • The most advanced and powerful scripts for a select few
2. Limit DXL execution to addins drop-down menus
3. No unauthorized DXL scripts should be able to run in the database unless from an approved and controlled area

Any thoughts, ideas, or best practices on how to achieve my desired result would be appreciated.

Thanks in advance!
-Bob3
SystemAdmin - Tue Feb 21 15:49:04 EST 2012

Re: Different addins menu based on user's DOORS group membership
llandale - Tue Feb 21 17:46:46 EST 2012

You may "prevent" nosey and clumsy folks but you can only "discourage" clever and evil folks. I'm saying that if I logged into one of your PCs and had a standard DOORS account, I would (quickly) find a way to run DXL therein no matter what you tried. Well, excepting if you removed every possible file "write" privilege on the PC and the network. Even then ...

As for not modifying code; you can deploy encrypted DXL but that's rather a drag. More importantly you don't want them to SEE how the scripts work so they don't make a copy and start tweaking it to their delight.
As for your menus.

[1] If you have control over every client PC's DOORS install you can adjust some of the delivered code to provide your clever menus depending on membership. You would need to do this with some empty module access rights
  • if I can see module AdvancedUser2 then display MenuLevel2
Function createAddinsMenus() in file formal.dxl for modules, and in function createAddinPathMenus() in path.inc allow you to create these custom menus.

[2] If you can coordinate network file access rights with the DOORS groups, denying folks read access to network folder "\\MyServer\MyDxl\MenuLevel2" unless they are in that DOORS group, then you can do this easily with just "addins" and "projectaddins" menus. Everyone will TRY to create all 3 menus, but folks lacking read rights won't get them. This option is clearly the best one.

-Louie
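
Option [2] above, sketched as an added example that is not part of the original thread: it gives each menu folder an explicit ACL so that only the matching group can read it, then reports any non-admin identity that can still modify the scripts. The `EXAMPLE\...` domain groups (assumed to mirror the DOORS groups and kept in sync separately), the admin group, and the `MenuLevel1`/`MenuLevel3` folder names are assumptions; the thread names only `MenuLevel2`.

```powershell
# Added example. Assumed names: domain groups mirroring the DOORS groups, an
# admin group, and folders MenuLevel1/MenuLevel3 (the thread names only MenuLevel2).
$Root       = '\\MyServer\MyDxl'
$AdminGroup = 'EXAMPLE\DOORS-DxlAdmins'        # hypothetical: script maintainers
$Levels     = [ordered]@{
    'MenuLevel1' = 'EXAMPLE\DOORS-AdvancedUser1'
    'MenuLevel2' = 'EXAMPLE\DOORS-AdvancedUser2'
    'MenuLevel3' = 'EXAMPLE\DOORS-AdvancedUser3'
}
$Inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'
$NoProp    = [System.Security.AccessControl.PropagationFlags]::None
$Allow     = [System.Security.AccessControl.AccessControlType]::Allow
$WriteMask = [System.Security.AccessControl.FileSystemRights]'Write,Delete,ChangePermissions,TakeOwnership'

function Set-MenuFolderAcl {
    param([string]$Path, [string]$ReaderGroup)
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)  # stop inheriting, drop inherited ACEs
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    # Readers can list and load scripts but not change them.
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
        $ReaderGroup, 'ReadAndExecute', $Inherit, $NoProp, $Allow))
    # Only the maintainers group can modify the approved scripts.
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
        $AdminGroup, 'FullControl', $Inherit, $NoProp, $Allow))
    Set-Acl -Path $Path -AclObject $acl
}

function Get-UnexpectedWriter {
    # Returns every Allow ACE that grants a modifying right to a non-admin identity.
    param([string]$Path)
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq $Allow -and
        ($_.FileSystemRights -band $WriteMask) -ne 0 -and
        $_.IdentityReference.Value -ne $AdminGroup
    }
}

foreach ($level in $Levels.GetEnumerator()) {
    $folder = Join-Path $Root $level.Key
    Set-MenuFolderAcl -Path $folder -ReaderGroup $level.Value
    foreach ($ace in Get-UnexpectedWriter -Path $folder) {
        Write-Warning "$folder is writable by $($ace.IdentityReference)"
    }
}
```

Share-level permissions on `\\MyServer\MyDxl` are evaluated in addition to these NTFS ACLs, so the share itself must also allow the reader groups through.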

Re: Different addins menu based on user's DOORS group membership
SystemAdmin - Tue Feb 28 15:52:39 EST 2012

llandale - Tue Feb 21 17:46:46 EST 2012
You may "prevent" nosey and clumsy folks but you can only "discourage" clever and evil folks. I'm saying that if I logged into one of your PCs and had a standard DOORS account, I would (quickly) find a way to run DXL therein no matter what you tried. Well, excepting if you removed every possible file "write" privilege on the PC and the network. Even then ...

As for not modifying code; you can deploy encrypted DXL but that's rather a drag. More importantly you don't want them to SEE how the scripts work so they don't make a copy and start tweaking it to their delight.
As for your menus.

[1] If you have control over every client PC's DOORS install you can adjust some of the delivered code to provide your clever menus depending on membership. You would need to do this with some empty module access rights

  • if I can see module AdvancedUser2 then display MenuLevel2
Function createAddinsMenus() in file formal.dxl for modules, and in function createAddinPathMenus() in path.inc allow you to create these custom menus.

[2] If you can coordinate network file access rights with the DOORS groups, denying folks read access to network folder "\\MyServer\MyDxl\MenuLevel2" unless they are in that DOORS group, then you can do this easily with just "addins" and "projectaddins" menus. Everyone will TRY to create all 3 menus, but folks lacking read rights won't get them. This option is clearly the best one.

-Louie

Louie, your response was extremely helpful and creative. Thank you!