How to Configure AVP Settings to Improve Performance

Document ID : KB000028825
Last Modified Date : 14/02/2018
Show Technical Document Details

Problem:

Using the Attribute Value Protection (AVP) setting of 'Use display conditions and secured subpages to protect attribute values on this list' (full AVP) on the 'Project List' object could cause performance issues. By default the option 'Use display conditions and secured subpages to protect attribute values on this list' is selected.  We recommend if you do not use the 'display conditions' portion of AVP, to change your settings to ‘Use only secured subpages to protect attribute values on this list’.

 

Below are the steps to change the AVP setting in the application:

  1. Login to Clarity and under Administration go to Objects under the Studio list   
  2. Filter for the object, 'Project' and select it  
  3. Once in 'Object: Project – Properties' please click on the 'Views' tab  
  4. 'Project List' should be updated to use 'Use only secured subpages to protect attribute values on this list', and if you don’t use 'display conditions' you may want to change all not to use AVP 'Use display conditions and secured subpages to protect attribute values on this list'. Using 'Use only secured subpages to protect attribute values on this list' would be best. Select 'Options' in the 'Setup' column then select 'Use only secured subpages to protect attribute values on this list' and Save 
  5. Repeat steps for other object 'List' views  

Environment:

Applies to all supported PAS environments for specified releases.

Cause:

Caused by CLRT-75126 which has been closed and marked as a duplicate to CLRT-76712

Resolution:

CLRT-76712 Resolved in CA PPM 14.2

In CA PPM 14.3 an enhancement has been implemented for setting the default, stock configuration as noted in this article to prevent performance issues on new deployments. For existing customer deployments after an upgrade to this release, the AVP setting remains set to the same option in use before the upgrade. On Premise customers may elect to use the identified workaround to change this setting for their existing views.  

Workaround:

Note:  Due to the current design, the application does not have the functionality to make this type of configuration change for all affected views.  The details for making direct database updates to change the CA PPM AVP default configuration setting has been reviewed and approved by our Development Team.  Be sure to make a backup of your environment and to test this configuration change in a non-production environment before proceeding to implement into a production environment.

This workaround is provided by our Development Team.

1. The following are queries that can be used to identify any objects/views using AVP set to full:

  • To identify objects configured with AVP set to full:  
SELECT code AS OBJECT_VIEW,
  CASE
    WHEN use_display_conds_for_security = 0
    THEN 'SECURE SUBPAGES'
    WHEN use_display_conds_for_security = 1
    THEN 'FULL AVP'
    ELSE 'LOWEST'
  END AS AVP_SETTING
FROM cmn_grids
WHERE principal_type               ='SYSTEM'
AND (USE_DISPLAY_CONDS_FOR_SECURITY=1
OR use_display_conds_for_security  =2)
AND (dal_type                      ='object'
OR dal_type                        ='system')
AND code                          IS NOT NULL
  • To identify user customized view (personalized) configured with AVP set to full:  
SELECT code AS OBJECT_VIEW,
  CASE
    WHEN use_display_conds_for_security = 0
    THEN 'SECURE SUBPAGES'
    WHEN use_display_conds_for_security = 1
    THEN 'FULL AVP'
    ELSE 'LOWEST'
  END AS AVP_SETTING
FROM cmn_grids
WHERE principal_type               ='USER'
AND (USE_DISPLAY_CONDS_FOR_SECURITY=1
OR use_display_conds_for_security  =2)
AND (dal_type                      ='object'
OR dal_type                        ='system')
AND code                          IS NOT NULL

 

2. Once all views using full AVP configuration are identified, below are the 2 queries to be used to change the Attribute Value Protection (AVP) settings to 'Use only secured subpages to protect attribute values on this list': 
  • This one forces object AVP settings for object lists back to 'subpage  security only' (the middle setting):
UPDATE cmn_grids
SET use_display_conds_for_security=0
WHERE id                         IN
  (SELECT id
  FROM cmn_grids
  WHERE principal_type               ='SYSTEM'
  AND (USE_DISPLAY_CONDS_FOR_SECURITY=1
  OR use_display_conds_for_security  =2)
  AND (dal_type                      ='object'
  OR dal_type                        ='system')
  )
  • This one updates grids customized by end users that were derived from objects (object provider based portlets or object list views):
UPDATE cmn_grids
SET use_display_conds_for_security=0
WHERE id                         IN
  (SELECT id
  FROM cmn_grids
  WHERE principal_type               ='USER'
  AND (USE_DISPLAY_CONDS_FOR_SECURITY=1
  OR use_display_conds_for_security  =2)
  AND (dal_type                      ='object'
  OR dal_type                        ='system')
  )
 
3. Restart all CA PPM services

Additional Information:

Reference Release Notes for CA PPM 14.3