Tip: Using Permission Areas effectively to protect application screens

Service Studio provides developers with a very powerful and clean way to automatically allow or block access to specific screens (be they Web or Mobile Web screens or blocks) depending on which user is logged in (or when no user is logged in at all).

This functionality does not seem to be immediately apparent, however, as some developers have built their own authorisation logic, for example by placing explicit checks in every Screen Preparation. While this will work, the eSpace ends up with a fair amount of replicated logic: something that both distracts from the real business logic and reduces eSpace maintainability.

In brief, the eSpace logic grants specific permissions to the logged-in user, normally via the Grant<Permission area>Permission Built-in action (although advanced users can opt to modify the User_Permission system table directly as well).

Permissions can be either Persistent or not. In the first case, whenever the user logs in using the Login Built-in action, the current session is automatically and immediately granted clearance to those permissions. For non-Persistent Permissions, the grant has to be explicitly given every time.

The user, for the duration of the session, will then be able to view any screen so long as he or she has been granted access to any of the Permission Areas required by that screen.

You can select which areas are required by using the checkboxes on the properties of each screen.

Attempting to access a screen for which the user has not been granted any of the required Permission Areas will throw a Security exception, which can be caught with an Error Handler.

This is the preferred way to implement screen access security in the Hub Edition platform: the alternative of using explicit Check<Permission area>Permission actions in the screens' Preparation is, therefore, inadvisable.
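To make the rules above concrete, here is a small model of the Permission Area semantics described in this tip: persistent grants re-apply on Login, non-persistent grants last only for the session, and a screen opens when the session holds any one of its required areas. This is an added illustration written for this page, not Service Studio's or the platform's own code; the area names, users and the USER_PERMISSION stand-in are constructed.

```python
from dataclasses import dataclass, field


class SecurityException(Exception):
    """Raised when a screen is opened without any of its required areas."""


@dataclass
class PermissionArea:
    name: str
    persistent: bool  # persistent grants survive logout and re-apply on Login


@dataclass
class Session:
    user: str = ""          # "" models the not-logged-in case
    granted: set = field(default_factory=set)


# Constructed sample data: two areas and a stand-in for the User_Permission table.
AREAS = {"Manager": PermissionArea("Manager", True),
         "Reporting": PermissionArea("Reporting", False)}
USER_PERMISSION = {"alice": {"Manager"}, "bob": set()}


def login(session, user):
    """Login built-in: persistent grants stored for the user apply at once;
    non-persistent grants from earlier sessions do not carry over."""
    session.user = user
    session.granted = set(USER_PERMISSION.get(user, set()))


def grant_permission(session, area):
    """Grant<Area>Permission: clears the area for this session and, if the
    area is Persistent, records it so future logins re-grant it."""
    session.granted.add(area)
    if AREAS[area].persistent and session.user:
        USER_PERMISSION.setdefault(session.user, set()).add(area)


def can_open(session, required):
    """Screen rule: accessible when the session holds ANY required area
    (a screen with no areas checked is open to everyone)."""
    return not required or bool(set(required) & session.granted)


def open_screen(session, required):
    """The central check the platform performs, replacing per-Preparation checks."""
    if not can_open(session, required):
        raise SecurityException(f"{session.user or 'anonymous'} lacks {sorted(required)}")
    return "rendered"
```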

The Service Studio help contains a wealth of information on the specifics of Permission Areas and should be consulted for further details. You can find the most relevant pages under the topic

Handling security\Using Permission Areas

Furthermore, an extremely well documented sample that shows all of this in a simple application can be downloaded from

\Samples\Basic Samples\Permission Areas usage and User Management in WEB

in the Documents area of this site.