Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

Multi-user, multi company one server web application

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Multi-user, multi company one server web application

    Basically what I'd like to do is host 1 web application for say 20 companies that will use the same system.
    I find that this method would be more cost effective for them since they will all be using the same functions and user interface within the system.
    Conceptually, all the information in the database tables will be filtered/segregated by a company_id from a company table in MySQL back-end DB.

    My main problem with the design for this system is how to integrate A5 login & web security - even if it could be integrated - for many users from these multiple companies. Users are also ideally filtered by the company_id and can still have groups e.g. manager & staff.

    Has anyone had such an experience or have an interesting idea on how best to approach this scenario?

    #2
    Re: Multi-user, multi company one server web application

    Yep. You still just have the three security groups: company, manager, staff plus one more for Administrators.

    Add Company_id as a field to your local user table. Mine is called web_users. When a user is added or registers, set their Company_Id to the proper value (up to you how you do that, I do it automatially at Sign-Up by validating who they are against previous invoice details plus a company-specific "invite code"). Then on login, include code that will set a value for session.__protected__companyid. I have a header on top of every page that does that, other's set it in the login.a5w page so it is set only on login. The expression will look like this:

    session.__protected__companyid = sql_lookup("conn","web_users","ulink="+session.__protected__ulink,company_id)

    Where ulink is the logged in users security framework identifier.

    Now when someone logs in, their company_id is in that session var.

    More later if you need help, but you use that session var to provide each Company with their own filtered web_users information, or list of employees, etc. And you can use it to add, modify employee lists and still maintain the company_id in those records.

    Some of this may not be clear because I am using a specific database model that I'm pretty familiar with, so ask more questions as they arise.

    This design originated with an application that does have one owner (Admin), several hundred Companies and each Company has a few to several thousand Customers. The Customers login to pay their bill to the Customers using electronic check. That means it is storing the eCheck details of thousands of Customers and the Merchant ID's for the several hundred Companies - so I trust that this arrangement works and is secure!
    Steve Wood
    See my profile on IADN

    Comment


      #3
      Re: Multi-user, multi company one server web application

      Yup, I'll echo Steve Wood that this can be done, and works just fine. Every User is sent to the regular Home page menu at login. But if a User is a multi-company user, he is first sent to a page to select the oompany to work with at this time.

      As Steve Wood notes, there's more to consider about how to do all this. At login time I establish session.__protected__IsMultiComapanyUser to help manage some of this.
      -Steve
      sigpic

      Comment


        #4
        Re: Multi-user, multi company one server web application

        Hey guys, glad to see we are on the same page but another confusion is with how to set up the security to accommodate the company group and link it with the back end mysql db. I know I can easily create groups for the different users but company seems to be a particularly special case - especially since there are additional attributes to the company.

        I feel I might be "over thinking" this but I'm really a noobie for A5.

        As for creating a page that lists the different companies, my plan is to avoid that by having the company admin create the users and in that process the company ID would be included in the user's credentials. When the user logs in, the company_id would then be used throughout the session to filter users that may CRUD the information specific to their company.

        Comment


          #5
          Re: Multi-user, multi company one server web application

          After a user logs in, you can use the Ulink value to get more information from the User table. The User table should contain not only the linking value that matches the Ulink value, but also the Company_ID.

          So, you have the Ulink value, then use it to lookup to the User table to establish session.__protected__CompanyID. This latter variable can then be used to filter grids by Company_ID.
          -Steve
          sigpic

          Comment


            #6
            Re: Multi-user, multi company one server web application

            Hey Steve, I like that perspective man, thanks a lot. So with that said I do not need to create a company group in the web security - correct?

            Comment


              #7
              Re: Multi-user, multi company one server web application

              I think you are using "Manager" to represent the Manager of the Company. So in that case, you don't need a Company secuirty level because you using the word Manager to mean the same thing that I am by Company. I personally use "Company" because I am describing the entity that is logging in - a Company (person). Manager to me is vague, Department Manager, Office Manager, etc. But Company is any guy at that company given the keys to login an see Company information.
              Steve Wood
              See my profile on IADN

              Comment


                #8
                Re: Multi-user, multi company one server web application

                Ok great clarification there Steve, thank you for that. Manager & staff will suffice for the purpose of this app.
                Many thanks for all your contributions everyone.

                Comment


                  #9
                  Re: Multi-user, multi company one server web application

                  Quincy,

                  It is very helpful in this design to use MySQL tables to hold the security information. Alpha has a paper that describes how to do that by setting the Alpha dbf security tables as active link tables to the MySQL versions of those tables.

                  Pat
                  Pat Bremkamp
                  MindKicks Consulting

                  Comment


                    #10
                    Re: Multi-user, multi company one server web application

                    Hey Pat, I believe the attached PDF was what you were referring to.

                    Comment


                      #11
                      Re: Multi-user, multi company one server web application

                      That's it. I've got a bunch of clients using that approach and it works very well, especially if you have thousands of users.

                      Pat
                      Pat Bremkamp
                      MindKicks Consulting

                      Comment


                        #12
                        Re: Multi-user, multi company one server web application

                        For self clarification. This is my situation. Is this what you are talking about? I will use different titles for a better picture of the relationships and activities.
                        Multiple vendors selling, multi vendor employees, multi buyers.
                        There is one overall system administrator-that is you.
                        Each vendor has an administrator that can do everything for their account only, each vendor has employees that must access the system to do something, perhaps enter orders, but the vendor admin does not want them to be able to access (change or enter)sensitive info like pricing. So the admins for each individual vendor will create the accounts for their employees and give them linited access(permissions), and the admins will delete the employee account when appropriate. Vendor employees cannot self register.

                        Buyers can place orders with any vendor, the buyer selects the vendor before ordering.
                        Is this scenario the same as yours?
                        Will the solution provided work for the above scenario?

                        Thanks,

                        Comment


                          #13
                          Re: Multi-user, multi company one server web application

                          MY situation is this: Multiple users, possibly a few admins. Group permissions easily takes care of this.
                          Each user should have the ability to change their password and security Question & answer internally in the web app.
                          Admins can list user accounts, lock & unlock user accounts, select which company & group(s) a user is associated with.
                          I apologise for not responding much sooner to your post.

                          BTW this proves to be a very tricky implementation.

                          Comment


                            #14
                            Re: Multi-user, multi company one server web application

                            qfactor - I read the thread, don't we already suggest how to do this, did you give it a try?
                            Steve Wood
                            See my profile on IADN

                            Comment


                              #15
                              Re: Multi-user, multi company one server web application

                              Yes I did, I got web security going on now with mysql. I was responding to Portal 6 clarification post. Thanks again to everyone.

                              I still have only 2 other outstanding challenges though and they are to listing the native a5 security questions in a drop down field in a grid detail view in web app, and allowing users to change their password internally. When I overcome those issues I would have completed the user admin section. I noticed someone had the same problem else where on the forum for weeks now. Can listing the native a5 security questions in a drop down field be done in a grid detail view? If so what's is the proper way?

                              Comment

                              Working...
                              X