User/Role Security on Webpages
-
- Posts: 46
- Joined: August 26th, 2021, 2:02 pm
- Contact:
User/Role Security on Webpages
How do you manage security administration on a page by page basis. If I have several webpages within an application and need to secure each to certain users, how do I do this. Also, users will need to be able to access multiple pages. I would prefer to handle at the role level rather than user if possible. Thanks in advance for the help.
word count: 64
Tags:
-
- Posts: 329
- Joined: August 26th, 2021, 9:18 am
- Contact:
Re: User/Role Security on Webpages
Every Page has two properties that control security. Secured and Force Role Security.
All links needed to setup the authorization is under the security menu Every user must have an authorization assigned to them in order to be able to login to the app. To see a users authorization go to the user management page and click on assign authorization. New Authorizations can be added from the Authorizations page. Authorizations then have Roles assigned to them which can be done by clicking on the Roles link in the authorization list. New Roles can also be created from the page. Roles then are assigned Object Lists. There are three types of lists.
WorkflowRequests, and WorkflowApproval pages.
For a user to have access to a page or api the user must have an authorization that is assigned a role that is assigned a list that has that page or api in it.
The CheckAccess service can be used to see if a user has access to a specific object. It takes in UserId, ObjectId, ObjectType (MVC_View, EP_WebPart, EP_REST_Resouce_Verb, UserDefined). This service will return WorkData/CheckAccess/Output/Result/Access where Access = True or False. Checks for types MVC_View, EP_WebPart, EP_Rest_Resource_verb are done automatically. This service is mainly used for custom security logic using UserDefined type.
In the IDE we use a UserDefined list to hide/unhide the promote button so only certain authorizations can promote to QA/PD. We then use the CheckAccess Service and a Binary Decision to determine if we should hide the button which we do using SetControlProperty.
If secured is false, any one can access the page. If secured is true and enforce role security if false, any logged in user can access the page. If secured is true and enforce role security is true, then only logged in users who have that page associated with their authorization can access that page.All links needed to setup the authorization is under the security menu Every user must have an authorization assigned to them in order to be able to login to the app. To see a users authorization go to the user management page and click on assign authorization. New Authorizations can be added from the Authorizations page. Authorizations then have Roles assigned to them which can be done by clicking on the Roles link in the authorization list. New Roles can also be created from the page. Roles then are assigned Object Lists. There are three types of lists.
- Webpage which will be a list of page you want to give access to
- Rest API Verb which will be a list of apis you want to give access to
- User Defined which is for custom logic using the CheckAccess service. For example to hide a button. (See below)
WorkflowRequests, and WorkflowApproval pages.
For a user to have access to a page or api the user must have an authorization that is assigned a role that is assigned a list that has that page or api in it.
The CheckAccess service can be used to see if a user has access to a specific object. It takes in UserId, ObjectId, ObjectType (MVC_View, EP_WebPart, EP_REST_Resouce_Verb, UserDefined). This service will return WorkData/CheckAccess/Output/Result/Access where Access = True or False. Checks for types MVC_View, EP_WebPart, EP_Rest_Resource_verb are done automatically. This service is mainly used for custom security logic using UserDefined type.
In the IDE we use a UserDefined list to hide/unhide the promote button so only certain authorizations can promote to QA/PD. We then use the CheckAccess Service and a Binary Decision to determine if we should hide the button which we do using SetControlProperty.
word count: 649
-
- Posts: 329
- Joined: August 26th, 2021, 9:18 am
- Contact:
Re: User/Role Security on Webpages
We have a fix ready for this and it will be out later today.
word count: 14
-
- Posts: 46
- Joined: August 26th, 2021, 2:02 pm
- Contact:
Re: User/Role Security on Webpages
I have another question regarding this. So, I was trying to use the process you shared to show/hide a field on my page. When I used the check access service it returned an error saying user could not be found when userid was set to ; however it worked fine when I put a user id. Also, I don't see a set control property service, but I do see a show/hide element and enable/disable element services under MVC workshop should I be using one of these instead? If so which, and also when I look at the show/hide element service it doesn't allow me to edit anything.
- Attachments
-
- Screenshot_ShowHide Element.png (16.56 KiB) Viewed 11127 times
- Screenshot_ShowHide Element.png (16.56 KiB) Viewed 11127 times
word count: 112
-
- Posts: 329
- Joined: August 26th, 2021, 9:18 am
- Contact:
Re: User/Role Security on Webpages
The screen shot was from an older version. The correct way to reference the currently logged in user is
word count: 19
-
- Posts: 46
- Joined: August 26th, 2021, 2:02 pm
- Contact:
Re: User/Role Security on Webpages
Thanks for the clarification, that worked. As for the service to set the control to visible or not would that be the show/hide element?
word count: 25
-
- Posts: 329
- Joined: August 26th, 2021, 9:18 am
- Contact:
Re: User/Role Security on Webpages
The example to hide a button above is from classic mode in which the SetControlProperty service can be used in datasources and control processes.
In MVC it is a little different.
If on page load you want to set the visibility of a control you will have to have some reference in the model so for example the CreateServiceNode service with a result named Buttonvisbility who's value returns as true or false. You would then set the buttons visibility property to references that. Then in a controller you can update that value to the opposite and then use the UpdateElement service If you are not setting the visibility in the model then you also have the option to use the ToggleElement service which will take in a html id then if that element is visible will hide it or if it is hidden it will show it.
In MVC it is a little different.
If on page load you want to set the visibility of a control you will have to have some reference in the model so for example the CreateServiceNode service with a result named Buttonvisbility who's value returns as true or false. You would then set the buttons visibility property to references that. Then in a controller you can update that value to the opposite and then use the UpdateElement service If you are not setting the visibility in the model then you also have the option to use the ToggleElement service which will take in a html id then if that element is visible will hide it or if it is hidden it will show it.
word count: 234
-
- Posts: 46
- Joined: August 26th, 2021, 2:02 pm
- Contact: