Doug, You make a good point.
Because different users have different permissions and access todifferent fields and constructs and workflow.
But that's not something JS can't do for you, given the permissioning has to exist on the server side for security reasons. In fact, I guess it's handled at AR System already?
Creating one page for all users would be a security violation asusers could then
No, it wouldn't. The JS travels through corporate proxies/etc. Allowing to render the appropriate display based on user permissions is perfectly acceptable, as long as the server side is protecting the submissions.
After all, a user can craft requests to the various Mid Tier servlets with a standard login to Mid Tier, and I'd expect those servlets to ensure the requests were valid. And a pen-tester will go straight to them.
But regardless, if this was a major issue, Mid Tier could perform server-side pre-processing of locally cached JS. This would still be vastly more efficient than the current system of a Mid Tier dragging all of ITSM into memory and bringing the host to a halt, particularly because it's loading AR API representations of instructions that take vastly more memory than loading compiled code.
John _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
