The 'Visibility Levels' feature within Enterprise Architect provides the ability to restrict access to certain sections of a model. Only models hosted by a Pro Cloud Server are able to make use of this feature. Visibility Levels are implemented by taking advantage of the Row Level Security feature included in Oracle 8+ and Microsoft SQL Server 2016 (onwards).
Row Level Security is a security feature that controls which users can access which rows of data in a database. Traditional database security only provides the ability to control which users have access to read, write or delete data down to the table level. Since Row Level Security functionality is implemented by the database, it is impossible for users to bypass security implemented at the application level by writing their own scripts or database queries. That is, the database ensures that users can only view and update data they are authorized to access.
Since Row Level Security is functionality implemented by the database, most of the configuration for Enterprise Architect and the Pro Cloud Server to support it is performed directly in the database without needing to change the application code base, which means there is less to go wrong from an application point of view.
How it works
In addition to their normal permissions, database users are granted access to one or more visibility levels.
A new column, VIS_LVL (Visibility Level), is added to 24 critical tables within the Enterprise Architect database. This field stores the minimum visibility level that is needed to view this record.
For each of the 24 tables a security policy is defined that ensures each database user only sees records that their assigned visibility level is authorized to view.
Database triggers are then used to maintain the value of the VIS_LVL columns in all tables for all child objects and elements. For example, setting the visibility level of a Package in Enterprise Architect's Project Browser will update the selected Package and all of its children to the entered visibility level.
Note: The base scripts supplied by Sparx Systems support levels of security 0 to 5, with 5 being the highest. Level 0 is the default and implies that all database users (even those without an assigned visibility level) can view or update records of this level. (The script could be adjusted to support more levels; however, this will need to be done manually.) The visibility levels are cumulative; for example, a user with level 3 can see all level 1, 2 and 3 rows.
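The mechanism described above can be sketched for SQL Server as follows. This is an added illustration, not the base scripts supplied by Sparx Systems: the table dbo.demo_package, the schema sec, the roles vis_level_1 to vis_level_5 and the two demo users are assumptions made up for the example; only the VIS_LVL column name, the 0 to 5 range and the cumulative rule come from the text.

```sql
-- Constructed demo objects; not Sparx Systems' base scripts.
CREATE SCHEMA sec;
GO
CREATE TABLE dbo.demo_package (
    Package_ID int PRIMARY KEY,
    Name       nvarchar(100) NOT NULL,
    VIS_LVL    int NOT NULL DEFAULT 0    -- minimum level needed to see the row
);
CREATE ROLE vis_level_1; CREATE ROLE vis_level_2; CREATE ROLE vis_level_3;
CREATE ROLE vis_level_4; CREATE ROLE vis_level_5;
CREATE USER demo_lvl3 WITHOUT LOGIN;     -- hypothetical user holding level 3
CREATE USER demo_none WITHOUT LOGIN;     -- hypothetical user with no level assigned
ALTER ROLE vis_level_3 ADD MEMBER demo_lvl3;
GRANT SELECT, UPDATE ON dbo.demo_package TO demo_lvl3, demo_none;
INSERT INTO dbo.demo_package (Package_ID, Name, VIS_LVL)
VALUES (1, N'Public', 0), (2, N'Internal', 2), (3, N'Restricted', 3), (4, N'Board', 5);
GO
-- Predicate: a level 0 row is visible to everyone; any other row requires a
-- role whose level is at least the row's VIS_LVL (levels are cumulative).
CREATE FUNCTION sec.fn_vis_predicate (@vis_lvl AS int)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS allowed
    WHERE @vis_lvl = 0
       OR (@vis_lvl <= 1 AND IS_MEMBER('vis_level_1') = 1)
       OR (@vis_lvl <= 2 AND IS_MEMBER('vis_level_2') = 1)
       OR (@vis_lvl <= 3 AND IS_MEMBER('vis_level_3') = 1)
       OR (@vis_lvl <= 4 AND IS_MEMBER('vis_level_4') = 1)
       OR (@vis_lvl <= 5 AND IS_MEMBER('vis_level_5') = 1);
GO
GRANT SELECT ON sec.fn_vis_predicate TO demo_lvl3, demo_none;
GO
-- One policy entry per protected table; the database applies it to every query.
CREATE SECURITY POLICY sec.vis_policy
    ADD FILTER PREDICATE sec.fn_vis_predicate(VIS_LVL) ON dbo.demo_package
    WITH (STATE = ON);
GO
-- Compare what each user sees when querying the table directly.
EXECUTE AS USER = 'demo_lvl3';
SELECT Name, VIS_LVL FROM dbo.demo_package;
REVERT;
EXECUTE AS USER = 'demo_none';
SELECT Name, VIS_LVL FROM dbo.demo_package;
UPDATE dbo.demo_package SET Name = N'renamed' WHERE Package_ID = 4; -- filter also applies to UPDATE
REVERT;
```

A filter predicate on its own does not stop a user from writing a VIS_LVL value above their own level; in SQL Server that case is covered by adding block predicates to the security policy.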