best practice for security


Hi All. I have an app which only has a couple screens but there is a lot of info on each screen. Several different groups/roles will be using the same screens. The controls that each role will have access to are spread all over. So I can't really manage security at the screen level. Everyone will have access to each screen. What is the best practice for managing security in a case like this? Everything I found was about screen level security.

I assume I need to set security using the enable property. I have gone through each control and set the enable property to a role checking action I made. It accepts the names of the roles as parameters. Looks up the roleid based on the name. Then checks if user is in any of them. I don't like this approach for several reasons:

1. It's tedious and has to be set in each control. No central management other than the logic action.

2. The names are hard coded and I assume it will break if someone changes role name.

3. Can't use role ids directly because they could change between environments (I think).

4. What if someone creates another role with same name in a different app? Not sure if this is possible or will cause problems but seems possible.

Anyway, can someone suggest a better approach? Is there an existing document that addresses this? Thanks.


Solution

Hi Mark,

I'm not sure if I understood correctly, but I'll try to give you a "hint" on how to deal better with this...

So you have a screen, with several pieces of content and controls (links, buttons, etc) and you want to control the availability according to the roles, right?

For that, you can use an "if" for each control/piece of content and use the system function Check<nameoftherole>Role(UserId:Session.UserId)

This function returns true if User has this role, so If (True) then "show control". In case you want to make it available for more than one role you can do something like Check<nameoftherole1>Role(UserId:Session.UserId) or Check<nameoftherole2>Role(UserId:Session.UserId)

Check the example below:


Let me know if this helps,

Vera

Solution

This is better. Solves a couple problems. Thank you.