Is there any way through meta-data to automatically detect that a developer has published an anonymous screen for web & mobile?

Hi Jay,


Unfortunately there isn’t. The screens are not in the metamodel (only in the generated code). One thing you can try is looking to screen logs and see which ones are accessed anonymously (they show with user id as 0 if accessed by a non authenticared user).


Alternatively you may try to use outdoc but I’m not 100% sure if it gives you what you need.


Cheers,

Guilherme


Guilherme Pereira wrote:

Hi Jay,


Unfortunately there isn’t. The screens are not in the metamodel (only in the generated code). One thing you can try is looking to screen logs and see which ones are accessed anonymously (they show with user id as 0 if accessed by a non authenticared user).


Alternatively you may try to use outdoc but I’m not 100% sure if it gives you what you need.


Cheers,

Guilherme


Ah. So we are tracking logs. So if a log_screen entry has no user, we can assume it is anonymous than?


Hi,

Given that the last response on this thread was around a year ago, has OutSystems implemented any features to tackle for this? 

We are developing solutions for an Enterprise customer who does not have any need for anonymous access. In fact, the organisation needs a way they can prevent anonymous screens from going to their prod environment.

Hello Dhruvin,


You can easily prevent anonymous access by ticking out the check for the anonymous users, and I think that is enough. I think what needs to be done on your case is to include a mandatory test for anonymous access before deploying to prod.


Hope this helps!

- Emman

Hi, We are managing a large number of citizen developers and checking each one of their apps isn't really feasible. I see Architecture dashboard can see anonymous pages. . . why can't I access that info any other way? Or can i? 

Hi Jay,

If you apply for architectural dashboard, it has a code analysis pattern that will report anonymous access to screens.

Regards,

Daniel

Daniël Kuhlmann wrote:

Hi Jay,

If you apply for architectural dashboard, it has a code analysis pattern that will report anonymous access to screens.

Regards,

Daniel


Hi Daniël,

We have architecture dashboard already. I am hoping for knowledge of how architecture dashboard achieves this analysis since the general tone of this thread is that that data is not available.To me, architecture dashboard proves that what i need is available somewhere. I could totally be wrong and, since i cant look under the hood of architecture dashboard. . . I am hoping someone has some insight. Our goal is to prevent IT users from pushing apps to production when they have anonymous screens. 

Hello.

I saw this question popping again (this time in OutDoc), so I dropped by to say a few things.


That has been asked before.

https://www.outsystems.com/forums/discussion/48647/access-to-ossys-espace-screen-role/

The answer is that it is probably somewhere in the undocumented API of OutSystems.


"So there is an API" you say.

Yes, but undocumented. As in "it can change any day". One thing is Architecture Dashboard, a tool made and maintained by OutSystems, to consume an API they manage. A very different one is you creating a product counting on it to see it crash a few weeks later not knowing why.

A very similar idea was created as suggested in that topic. I recommend you vote for it.

https://www.outsystems.com/ideas/6907/function-to-check-if-user-has-permission-on-a-screen-based-on-screenid-and-userid

As you can see, not that many people are interested in such tool so it is not a priority. Maybe if a lot more voted, it would become a relevant issue.

Brett Miner wrote:

Daniël Kuhlmann wrote:

Hi Jay,

If you apply for architectural dashboard, it has a code analysis pattern that will report anonymous access to screens.

Regards,

Daniel


Hi Daniël,

We have architecture dashboard already. I am hoping for knowledge of how architecture dashboard achieves this analysis since the general tone of this thread is that that data is not available.To me, architecture dashboard proves that what i need is available somewhere. I could totally be wrong and, since i cant look under the hood of architecture dashboard. . . I am hoping someone has some insight. Our goal is to prevent IT users from pushing apps to production when they have anonymous screens. 

Hi Brett,


The information about anonymous screens is not accessible and only lives in the espace module and generated code code. The module is analyzed by architecture dashboard to present the warnings you see.

You can find out more about how architecture dashboard works here: https://success.outsystems.com/Documentation/Architecture_Dashboard/How_does_Architecture_Dashboard_work

So at the moment there's no API for that and the only option is via code analysis using architecture dashboard.


Hope this helps,

Guilherme