Question

How can I block export to Excel in Aurena?


Userlevel 2
Badge +5

Hello, is there any way to block export to Excel in Aurena for some users?

Best regards,

Adam


This topic has been closed for comments

10 replies

Userlevel 6
Badge +12

@adam.grzymislawski Please refer Export to Excel Extension (ifs.com)

Userlevel 2
Badge +5

Thank you! Do you suggest disabling Export to Excel Extension? Where can I manage this extention?

Userlevel 5
Badge +15

Probably Mr Adam is asking for this:

 

Userlevel 2
Badge +5

Yes, exactly - I’d like to avoid personal data leakadge, so I’d like to block export to Excel in Aurena. Exporting will be available for some users in IEE.

Userlevel 6
Badge +14

Hi @adam.grzymislawski ,

 

Here, it is important to know an important aspect of IFS Applications security.

 

IFS Aurena security is based on projections
If an user has access to a projection the user will be able to fetch data for the extent permitted by that projection (based on the row level security built into the projection).


Let me explain using the Purchase Orders window as an example.
The underlying projection of this page is PurchaseOrdersHandling.svc. Which means the user will be able to access data via PurchaseOrdersHandling.svc projection.

 

Projections are based on the odata protocol, by accessing the projection metadata like below, the user can find the entry points to the data (called entitysets). 

https://url:port/main/ifsapplications/projection/v1/PurchaseOrdersHandling.svc/$metadata

 

Once the entityset is known, (e.g. PurchaseOrderSet). Below can be used to fetch data in json format.

https://url:port/main/ifsapplications/projection/v1/PurchaseOrdersHandling.svc/PurchaseOrderSet

 

It is possible to query, select columns using the odata protocol.


e.g. Below query filters data by Order No, selects a set of columns, references.

https://url:port/main/ifsapplications/projection/v1/PurchaseOrdersHandling.svc/PurchaseOrderSet?$filter=((startswith(OrderNo%2C%271%27)))&$select=OrderNo,ApprovalRule,AuthorizeCode,BuyerCode,Objstate,PurApprovalBuyerCode,PurApprovalCoordinator,OrderCode,OriginalRevision,Revision,VendorNo,Contact,Contract,Email,Company,PreAccountingId,NoteId,TotalNetAmountBase,TotalNetAmount,TotalTaxAmount,TotalGrossAmount,TotalGrossInclCharge,Invoiced,ContactName,CurrencyCode,DateEntered,Objgrants,luname,keyref&$expand=VendorNoRef($select=PurchOrderFlag,AcquisitionSite,EmailPurchaseOrder,VendorName,Objgrants,luname,keyref),OrderCodeRef($select=Description,Objgrants,luname,keyref),ContractRef($select=ContractDesc,luname,keyref)&$skip=0&$top=25

 

I will now answer your question based on above.


Since the data is accessible using open standards, once the data is exported using the above query, then data can be imported from any tool which supports json including Excel!!!.

 

So it irrelevant whether the user has access to Export to Excel functionality, data can be imported to Excel easily.


(For simplicity, we could omit the odata references in above query and below instead.)
e.g. https://url:port/main/ifsapplications/projection/v1/PurchaseOrdersHandling.svc/PurchaseOrderSet?$filter=((startswith(OrderNo%2C%271%27)))&$select=OrderNo,ApprovalRule,AuthorizeCode,BuyerCode,Objstate,PurApprovalBuyerCode,PurApprovalCoordinator,OrderCode,OriginalRevision,Revision,VendorNo,Contact,Contract,Email,Company,PreAccountingId,NoteId,TotalNetAmountBase,TotalNetAmount,TotalTaxAmount,TotalGrossAmount,TotalGrossInclCharge,Invoiced,ContactName,CurrencyCode,DateEntered,Objgrants,luname,keyref&$skip=0&$top=25

 

What the Excel plugin does is, making it easy for the user to do the above.
e.g.

https://url:port/main/ifsapplications/extensions/exportxlsx/v1?url=v1/PurchaseOrdersHandling.svc/PurchaseOrderSet?$select=OrderNo,OrderCode,VendorNo,Contract,TotalNetAmountBase,TotalNetAmount,TotalTaxAmount,TotalGrossAmount,TotalGrossInclCharge,Invoiced,Contact&format={"cols":[{"column":"Order No","expression":"OrderNo"},{"column":"Order Code","expression":"OrderCode||' - '||OrderCodeRef/Description"},{"column":"Supplier","expression":"VendorNo||' - '||VendorNoRef/VendorName"},{"column":"Supplier","expression":"VendorNo||' - '||VendorNoRef/VendorName"},{"column":"Site","expression":"Contract||' - '||ContractRef/ContractDesc"},{"column":"Total Net Amount/Base","expression":"TotalNetAmountBase"},{"column":"Total Net Amount/Curr","expression":"TotalNetAmount"},{"column":"Total Tax Amount/Curr","expression":"TotalTaxAmount"},{"column":"Total Gross Amount/Curr","expression":"TotalGrossAmount"},{"column":"Total Gross Incl. Charge/Curr","expression":"TotalGrossInclCharge"},{"column":"Invoiced Net Amt/Invoice Curr","expression":"Invoiced"},{"column":"Supplier Contact","expression":"Contact"}],"enums":[],"boolAttrs":[]}&filename=List_20210422_195516 

 


I am not aware of a way to limit the export to excel capability. But still, good to know that limiting export to excel capability is not a solution to limit access to data.

 


 

Userlevel 5
Badge +15

Hi Janitha

 

I realize technical point of view but how many end users know how to use Json query or Excel plugin to fetch bulk of data? 2-3%?

 

Best Regards

Userlevel 2
Badge +5

Yes, exactly,  avarage user will not use Json query, but he can export all the personal data with just two clicks. Is there really no way to block it? @Chathuranga_S  what did you mean by refereing to Export to Excel Extension (ifs.com)?

Userlevel 7
Badge +21

Hi @adam.grzymislawski ,

 

@Janitha if we can not disable access by changing a projection would it be possible to hide or remove the menu item using the Aurena Page Designer.   While maybe not as good as revoking a permission at least users wouldn’t be presented with the option.

 

Regards,

William Klotz

Userlevel 6
Badge +12

I doubt this could be achieved from Page Designer.
Adding Page Designer concept owners in RnD @LakmaliRD @tofuse,

Userlevel 4
Badge +7

Navinth is correct. It is not possible to disable export as a concept or remove the export command using the page designer. These are general commands that framework adds in runtime, and are not part of the page layout metadata.