User/Role Security on Webpages

This forum allows users to post and respond to "How Do I Do ....." questions. The information contained in this forum has not been validated by K-Rise Systems and, as such, K-Rise Systems cannot guarantee the accuracy of the information.
smackie
Posts: 46
Joined: August 26th, 2021, 2:02 pm

User/Role Security on Webpages


How do you manage security administration on a page-by-page basis? If I have several webpages within an application and need to secure each to certain users, how do I do this? Also, users will need to be able to access multiple pages. I would prefer to handle this at the role level rather than user if possible. Thanks in advance for the help.

SteveCap
Posts: 329
Joined: August 26th, 2021, 9:18 am

Re: User/Role Security on Webpages


Every Page has two properties that control security: Secured and Force Role Security.
[Screenshot: Secured Enforce Role Security Properties]
If secured is false, anyone can access the page. If secured is true and enforce role security is false, any logged in user can access the page. If secured is true and enforce role security is true, then only logged in users who have that page associated with their authorization can access that page.

All links needed to set up the authorization are under the security menu.
[Screenshot: Menu]
Every user must have an authorization assigned to them in order to be able to log in to the app. To see a user's authorization, go to the user management page and click on assign authorization.
[Screenshot: Users]
New Authorizations can be added from the Authorizations page.
[Screenshot: Authorizations]
Authorizations then have Roles assigned to them, which can be done by clicking on the Roles link in the authorization list. New Roles can also be created from the page.
[Screenshot: Roles]
Roles then are assigned Object Lists. There are three types of lists.
  • Webpage which will be a list of pages you want to give access to
  • Rest API Verb which will be a list of APIs you want to give access to
  • User Defined which is for custom logic using the CheckAccess service. For example to hide a button. (See below)
Below is an example of a webpage list.
[Screenshot: WebPage List]
[Screenshot: WebPage List Objects]
If a user has an authorization that has a role that has this list, that user would then have access to the Home, WorkflowRequests, and WorkflowApproval pages.

For a user to have access to a page or API, the user must have an authorization that is assigned a role that is assigned a list that has that page or API in it.

The CheckAccess service can be used to see if a user has access to a specific object. It takes in UserId, ObjectId, ObjectType (MVC_View, EP_WebPart, EP_REST_Resouce_Verb, UserDefined). This service will return WorkData/CheckAccess/Output/Result/Access where Access = True or False. Checks for types MVC_View, EP_WebPart, EP_Rest_Resource_verb are done automatically. This service is mainly used for custom security logic using UserDefined type.

In the IDE we use a UserDefined list to hide/unhide the promote button so only certain authorizations can promote to QA/PD.
[Screenshot: User Defined Lists]
We then use the CheckAccess Service and a Binary Decision to determine if we should hide the button, which we do using SetControlProperty.
[Screenshot: Check Access Service Setup]
[Screenshot: Check Access]
[Screenshot: Binary]
[Screenshot: Set Control Property]
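The access rules described in the answer above, modelled as an added example (not part of the original post and not K-Rise code). The class and function names, the `PromoteButton` object id and the sample authorizations are hypothetical; matching on list type is an assumption based on CheckAccess taking an ObjectType.

```python
# Toy model of the rules in the post: Secured / Enforce Role Security on a page,
# and the chain user -> authorization -> role -> object list -> object.
# Hypothetical names throughout; this is not the platform's implementation.
from dataclasses import dataclass

@dataclass
class ObjectList:
    list_type: str   # "Webpage", "Rest API Verb" or "User Defined"
    objects: set

@dataclass
class Role:
    lists: list

@dataclass
class Authorization:
    roles: list

@dataclass
class Page:
    name: str
    secured: bool
    enforce_role_security: bool

def check_access(auth, object_id, list_type):
    """True only if a role in the authorization holds a list of this type
    (assumed to matter, since CheckAccess takes an ObjectType) with the object."""
    if auth is None:
        return False
    return any(object_id in ol.objects
               for role in auth.roles
               for ol in role.lists
               if ol.list_type == list_type)

def can_open_page(page, logged_in, auth):
    if not page.secured:
        return True                      # Secured = false: anyone
    if not logged_in:
        return False                     # Secured = true always needs a login
    if not page.enforce_role_security:
        return True                      # any logged-in user
    return check_access(auth, page.name, "Webpage")

# Constructed sample data mirroring the web page list shown in the post.
workflow_pages = ObjectList("Webpage", {"Home", "WorkflowRequests", "WorkflowApproval"})
promote = ObjectList("User Defined", {"PromoteButton"})
approver = Authorization([Role([workflow_pages])])
releaser = Authorization([Role([workflow_pages, promote])])
```

A UserDefined check like the promote-button one decides only whether a control is shown; the action behind the control is restricted only if it runs through a page or REST verb that is itself covered by the automatic checks.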
SteveCap
Posts: 329
Joined: August 26th, 2021, 9:18 am

Re: User/Role Security on Webpages


We have a fix ready for this and it will be out later today.
smackie
Posts: 46
Joined: August 26th, 2021, 2:02 pm

Re: User/Role Security on Webpages


I have another question regarding this. So, I was trying to use the process you shared to show/hide a field on my page. When I used the check access service it returned an error saying user could not be found when userid was set to ; however it worked fine when I put a user id. Also, I don't see a set control property service, but I do see show/hide element and enable/disable element services under MVC workshop. Should I be using one of these instead? If so, which? Also, when I look at the show/hide element service, it doesn't allow me to edit anything.
[Attachment: Screenshot_ShowHide Element.png]
SteveCap
Posts: 329
Joined: August 26th, 2021, 9:18 am

Re: User/Role Security on Webpages


The screen shot was from an older version. The correct way to reference the currently logged in user is
smackie
Posts: 46
Joined: August 26th, 2021, 2:02 pm

Re: User/Role Security on Webpages


Thanks for the clarification, that worked. As for the service to set the control to visible or not, would that be the show/hide element?
SteveCap
Posts: 329
Joined: August 26th, 2021, 9:18 am

Re: User/Role Security on Webpages


The example to hide a button above is from classic mode in which the SetControlProperty service can be used in datasources and control processes.

In MVC it is a little different.

If on page load you want to set the visibility of a control, you will have to have some reference in the model, so for example the CreateServiceNode service with a result named Buttonvisbility whose value returns as true or false.
[Screenshot: Create Service Node]
You would then set the button's visibility property to reference that.
[Screenshot: My Button Visibility Property]
Then in a controller you can update that value to the opposite and then use the UpdateElement service.
[Screenshot: Update Element]
If you are not setting the visibility in the model, then you also have the option to use the ToggleElement service, which will take in an HTML id; then, if that element is visible, it will hide it, or if it is hidden, it will show it.
[Screenshot: Toggle Element]
smackie
Posts: 46
Joined: August 26th, 2021, 2:02 pm

Re: User/Role Security on Webpages


Thanks Steve, this really helps me out.