Restricting User Access to Company Data

Restricting User Access to Company Data

  

Hi

I am looking for some best practice guidance implementing a Company->User pattern in Outsystems. For example:

As a CompanyUser I can manage Lodgements for my Company

In the App I require Users to be assigned to a Company and their view of Lodgements to be restricted to data for their company only.

Has any one come across a guide / code example to implement the Company / User pattern?

Kevin

Hello Kevin.

What's the "context"?
Are you using the application for different companies?

In this case, you can use Multi Tenancy.
https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/How_to_Build_a_Multi-tenant_Application

If it is just some of the users and you think using multi tenancy is too much, you will have to guarantee that on every query/aggregate, the data is filtered by the company.

Cheers.

Eduardo Jauch wrote:

Hello Kevin.

What's the "context"?
Are you using the application for different companies?

In this case, you can use Multi Tenancy.
https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/How_to_Build_a_Multi-tenant_Application

If it is just some of the users and you think using multi tenancy is too much, you will have to guarantee that on every query/aggregate, the data is filtered by the company.

Cheers.

Hi 

No, it's not a multi tenancy application.  Many users, from different companies, will post lodgements to be managed by a single set of Admins.


Hi Kevin,

Using multi-tenancy you can actually also have admins that have access to everything (iirc you need to expose the tenant ID on the entity and apply the right filters). But if you don't want the built-in multi-tenancy, you need to do it as Eduardo suggests, i.e. with each query that accesses company-specific data, the developer will have to take this into account and explicitly select for the right company.