Hi Chintan, Thanks for the additional suggestions. I believe I will take a different aproach...
Instead of returning complete records on the get-list request based on the qualification supplied by the user, I will return a subset of the fields, specifically excluding the field(s) that may contain information that is not for general consumption. But I will include the Entry-id as one of the returned fields. Then I will provide another web service (get-entry) which will return all of the fields for a single entry, specified by Entry-id. Then I can impose my additional restriction on the qualification for the request since the customer will just be supplying the Entry-id and not a complete qualification. I know how to do this and have successfully done it on another service. This is not exactly what I was shooting for because it requires additional steps for the user, but it will give me assurance that the restricted information does not leak out through this web service. Thanks again for your thoughts on this question. Larry On Thu, Jun 9, 2011 at 11:04 PM, Chintan Shah <cbss...@yahoo.com> wrote: > ** Ah..I c what you are saying now..Sorry, in all of my conversation, I > thought you would be comparing XPATH Qualification to some field on form but > that's not the case. My bad for not reading the thread properly. > > IMHO, there are 2 solutions for this(there could be more..but this is what > I can think of so far)..again this might not be the most elegant solution on > planet but it can get job done. > > 1. Build an automated workflow that would push all Distribution!="Internal" > records to a staging form and build web-service from staging form. In that > case you will never need AND 'Distribution'!="Internal" qualification > appended. This is probably good since amount of records to traverse would be > lesser than what is on source form and it would take query off the source > form. One of caveat I see upfront is that you will have to spend time in > building that staging form(you can probably just do a "save as" on source > form) and maintaining that workflow that pushes records to it. > > 2. Client should supply complete qualification(as you mentioned you will be > at the mercy of the client) > > Does #1 help or does it over-complicate :)? > > Thanks > Chintan. > > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
