
Security Examples

You can study these examples to become familiar with Security.  You can browse them to get the basic idea, but we encourage you to read about Authentication and Authorization before you study them carefully.

Complex Permission Predicates

Here we ensure that Guests (users authorized for the Guest role) do not see orders that contain secret parts such as Stealth Bolts. The entire predicate (only partly visible in the screenshot) is a correlated sub-query:

ident not in (
  select _o.ident from orders _o
    left join lineitems _l on _l.order_ident = _o.ident
    left join products _p on _p.name = _l.product_name
  where _p.is_secret = true)

Using Globals

Each General User is assigned the General Role, which filters orders based on their amount. The exact amount for each user is specified by a Global Value, referenced from the Role Predicate.

You commonly use a Global to filter rows on a per-user basis, as shown in this example.

This Auth Token defines a Global Value maxAmount:

This user is assigned to the General User Role, which specifies the following Permission for the orders table.  Observe the use of the maxAmount Global value defined above:
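The two predicates above (the Guest sub-query that hides orders with secret parts, and the General Role filter driven by the maxAmount Global) can be exercised offline against a small in-memory SQLite database. The following is an added example, not part of this page or of CA Live API Creator; it constructs its own sample tables and rows. The column name amount_total and the form of the General Role predicate (amount_total <= maxAmount) are assumptions, since the page shows that permission only as a screenshot; the Guest predicate is taken from the page, with SQL's `true` written as `1` for SQLite. The Global is bound as a query parameter rather than spliced into the SQL text, which is the property a row-level filter must preserve.

```python
import sqlite3

# Constructed schema and rows (not from the page). Order 2 contains a secret part;
# order 4 has no line items at all, which exercises the LEFT JOIN path.
SCHEMA = """
create table products (name text primary key, is_secret integer not null);
create table orders (ident integer primary key, customer text not null,
                     amount_total real not null);
create table lineitems (ident integer primary key,
                        order_ident integer not null references orders(ident),
                        product_name text not null references products(name),
                        qty integer not null);
"""
PRODUCTS = [("Widget", 0), ("Stealth Bolt", 1), ("Gasket", 0)]
ORDERS = [(1, "Alpha", 120.0), (2, "Beta", 900.0), (3, "Gamma", 45.0), (4, "Delta", 300.0)]
LINEITEMS = [(1, 1, "Widget", 2), (2, 2, "Stealth Bolt", 1),
             (3, 2, "Gasket", 5), (4, 3, "Gasket", 1)]

# Guest role predicate, as on the page (true -> 1 for SQLite's integer booleans).
GUEST_PREDICATE = """ident not in (
  select _o.ident from orders _o
    left join lineitems _l on _l.order_ident = _o.ident
    left join products _p on _p.name = _l.product_name
  where _p.is_secret = 1)"""

# Assumed General Role predicate: the page shows it only in a screenshot, and the
# column name amount_total is an assumption. :maxAmount is the Global from the Auth Token.
GENERAL_PREDICATE = "amount_total <= :maxAmount"


def open_sample_db():
    """Create the in-memory database and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("insert into products values (?, ?)", PRODUCTS)
    conn.executemany("insert into orders values (?, ?, ?)", ORDERS)
    conn.executemany("insert into lineitems values (?, ?, ?, ?)", LINEITEMS)
    return conn


def generated_sql(predicate):
    """The statement a row-level filter produces: the role predicate is AND-ed into
    the WHERE clause of the request. This is what the Rest Lab logging lets you inspect."""
    return f"select ident from orders where ({predicate}) order by ident"


def visible_orders(conn, predicate, globals_=None):
    """Return the order idents a user with this role predicate is allowed to see.
    Global values are passed as bound parameters, never interpolated into the text."""
    return [row[0] for row in conn.execute(generated_sql(predicate), globals_ or {})]


if __name__ == "__main__":
    db = open_sample_db()
    print("Guest sees:", visible_orders(db, GUEST_PREDICATE))
    for limit in (150, 500, 1000):
        print(f"General user with maxAmount={limit} sees:",
              visible_orders(db, GENERAL_PREDICATE, {"maxAmount": limit}))
    print("Generated SQL:\n" + generated_sql(GUEST_PREDICATE))
```

Order 2 disappears for Guests because one of its line items is a secret product, while order 4, which has no line items, survives the LEFT JOIN because its joined is_secret is NULL and never equals 1. The NOT IN form is safe here only because the sub-query selects a primary key that cannot be NULL; a NULL inside a NOT IN list would make the whole predicate return no rows, so keep that in mind if you adapt it to a nullable column.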



Verifying SQL with Rest Lab

We can now verify the proper operation using logging and the Rest Lab.  First, we define our Auth Token with the following (typical) Logging settings:



We now use the Rest Lab with this Auth Token to issue a Get Request for Orders:



We can verify not only the result, but see the actual generated SQL:



Demo Example

A similar example is illustrated here.