In the OutSystems Platform Roles are used to design your security policies and associate them with eSpace elements and end-users.

Role Types

The OutSystems Platform provides you with a default set of System Roles but you are allowed to define your own User-defined Roles.

System Roles

The System Roles provided by the OutSystems Platform are pre-defined in your eSpaces and are the following:

Anonymous is the most general Role and when you associate this role with an eSpace element all of the existing roles are automatically associated with it.

When you associate this role with an eSpace element, all of the existing roles are automatically associated with it, except the Anonymous role.

      • <Application Name>User: this role is used for allowing end-users to have access to application screens and operation. Learn more About End-User Management.

User-defined Roles

Create your security policies for the application by defining your own user-defined roles. For example, create a Back-office role, set this role in your application's back-office screens, and grant this role only to those end-users who are to have access to back-office screens.

To create a user-defined role, simply go to the Logic layer of the eSpace Tree, right-click on the Roles folder, select the Add Role option, and name the role.

Setting Roles in eSpace Elements

The roles are set at design time by simply selecting the eSpace element and checking the roles in the Roles section of the Properties Pane.

The eSpace elements that you are allowed to associate Roles are the following:

By default all of the System Roles are checked when you create any of these eSpace elements.

Assigning Roles to End-Users

The assignment is done at runtime using the Users application that is provided by the OutSystems Platform. Alternatively, you are also allowed to design your own role association in your application using the Grant<RoleName>Role and Revoke<RoleName>Role role actions.

Using Roles in the Application Logic

Each role is provided with a set of built-in elements that allow you to design logic for it in your application. For example, you can check whether an end-user can perform a specific operation in the application and handle the error if he has no permission for that. Learn more on how to Use Roles.

Using User-defined Roles References

Service Studio provides you with mechanisms to reuse user-defined roles between eSpaces. You can expose your user-defined roles to other eSpaces or use user-defined roles defined in another eSpace.

In a Single Sign-On scenario, you can grant roles to users in any eSpace of the set since users are shared. However, if you need to use any of the roles in other eSpaces of the set, you must use role references because they are not shared.

See Also

Role Properties | Use Roles | Find and Replace Role Usages | Single Sign-On