Each box in this diagram represents a separate table (entity) within the menu database. A line between two tables signifies that a relationship exists between those tables. Each relationship is of the ONE-to-MANY variety; therefore the arrow at one end of the line indicates which of the two is the MANY entity, as in:
Here is an explanation of the tables in my database:
| ACCOUNT | This contains an entry for each account, and is only used where database tables hold data for different accounts and where the data for each account is only visible to users within that account. Please refer to Implementing Virtual Private Databases for details. |
| CONTROL | This holds control data, equivalent to a file of configuration options. |
| FAVOURITES | This holds each user's favourite tasks. |
| HELP-TEXT | This holds the 'help' text for the task in the default language. When the Export Subsystem task is run it will copy the text to a series of files, one per task, in the help/<default_language>/ subdirectory. Translations of this text can then be created in different language subdirectories.
When the HELP hyperlink is pressed the help text for that task will be retrieved from the language subdirectory, not the database table, which is appropriate to the user's language. |
| INITIAL-VALUE-ROLE | This is used to define the initial value for a field when a specified TASK is run by a USER within a specified ROLE. This table has two uses:
|
| INITIAL-VALUE-USER | This is used to define the initial value for a field when a specified TASK is run by a specific USER. This table has two uses:
|
| LANGUAGE | Of all the possible languages which exist, this identifies those which are actually supported by the current application. Please refer to Appendix O: Internationalisation for details. |
| MENU | Entries on the TASK table which are of type 'MENU' require to have their contents maintained on the MENU table. When a user selects a menu the contents of the MENU table are retrieved and displayed in the menu bar area.
By using the entries on the ROLE-TASK table any MENU option which is not accessible to the user can be filtered out, thus restricting the display to only those options which the user is actually allowed to access. TASK_ID_SNR identifies the menu page while TASK_ID_JNR identifies an option on that page. |
| MOTD | This stores 'Message Of The Day' entries. |
| NAVIGATION BUTTON | There are some child tasks which cannot be made available until a relevant parent task is active, and these child tasks are displayed in the parent task's navigation bar. This is because the child tasks require context to be passed down to them, and context is supplied by the parent task. For example, you must select one or more entries in a LIST form before you can pass control to an UPDATE, ENQUIRE or a DELETE form.
By using the entries on the ROLE-TASK table any NAVIGATION BUTTON option which is not accessible to the user can be filtered out, thus restricting the display to only those options which the user is actually allowed to access. TASK_ID_SNR identifies the parent component while TASK_ID_JNR identifies a child component. |
| PATTERN (DIALOG_TYPE) | Each task conforms to one of the patterns in Transaction Patterns for Web Applications, and I have found it very useful to have this as an identifier on each TASK record. For example, when selecting entries for the ROLE-TASK (permissions) table I can very quickly isolate all the tasks of any particular pattern/template. |
| ROLE | This is a method of dividing users into groups or classes so that members of each role/group/class can share a common set of permissions. |
| ROLE-TASK | This identifies which TASKS can be accessed by which ROLES and is sometimes known as the access profile, security profile, permissions list or access control list. This table only contains entries where a particular combination of ROLE and TASK is valid. |
| ROLE-TASK-FIELD | This is used in conjunction with TASK-FIELD to change a ROLE's access to a field within a TASK. The access options are:
|
| SUBSYSTEM | Each application or system can often be broken down into discrete parts (or subsystems) which can be regarded as separate collections of components. For example, 'Menu and Security' is separate from 'Workflow' which is separate from 'Product' which is separate from 'Customer'. The files for each subsystem may exist in a separate directory. It is quite often that a user will have responsibility in only one of these areas, therefore it is useful to have this as part of the selection criteria when maintaining access permissions. |
| TASK | This contains an entry for each task within the system. These are sometimes referred to as 'transactions', 'modules' or 'functions'. Two types of task are supported:
|
| TASK-FIELD | This is used to define the fields within a TASK that can manipulated further via entries on the ROLE-TASK-FIELD, INITIAL-VALUE-USER and INITIAL-VALUE-ROLE tables. |
| TASK-IP-ADDRESS | This identifies all the IP addresses which are valid for this task. If there are no IP address entries for a task then there are no restrictions on that task, and the task may be accessed from any device. If there are any entries then access is only permitted from a device with an address which is in that list of entries. |
| TODO | This holds the "to do" list for individual users. |
| USER | This contains an entry for each person who is allowed to access the system. It is used by the LOGON screen to verify the userid and password. |
| USER-IP-ADDRESS | This identifies all the IP addresses which are valid for this user. If there are no IP address entries for a user then there are no restrictions on that user, and the user may access the system from any device. If there are any entries then access is only permitted from a device with an address which is in that list of entries. |
