Give entity permission for specific users

Hi

we have one core application.and we have 2 applications and that two application are using one core application.

example-we have two users.(X and Y).X is using "a" application and Y is using "b" application.This two application "a" and "b" both are using one core application.now in core application we have two entity(one is "D" and another one is "E").now "X" can see or use D and "X " cannot see "E" and "Y" can see or use E and "Y " cannot see "D".is it possible?we don't want to create multiple core application.is there any way to achieve this?

Hi Arkyadeep Bharadwaj,

The application users only see entity data, when displayed in a screen (or actions), therefore they can only access data when hey would have the correct role.

You will have to create roles and wrapper functions though, with those you can limit access to certain entities on runtime.

Another possibility might be to use tenants.

Marco Arede wrote:

Hi Arkyadeep Bharadwaj,

The application users only see entity data, when displayed in a screen, therefore they can only access data when hey have the correct role.

not clear.can you please tell me more


Arkyadeep Bharadwaj wrote:

Marco Arede wrote:

Hi Arkyadeep Bharadwaj,

The application users only see entity data, when displayed in a screen, therefore they can only access data when hey have the correct role.

not clear.can you please tell me more


for development purpose i want to give permission for specific user for specific entity


Joey Moree wrote:

You will have to create roles and wrapper functions though, with those you can limit access to certain entities on runtime.

Another possibility might be to use tenants.

not clear.can you please tell me more or give some example


Here's a link to info about user roles.

https://success.outsystems.com/Documentation/11/Developing_an_Application/Secure_the_Application/User_Roles

You can check if the logged in user has a certain role, if they don't you don't load the aggregate, if they do you do load the aggregate.

I highly suggest you to take some courses available here on the outsystems website, there are some lessons on how to limit access to data using roles, this will also teach you lots about aggregates and how to present data.
This will also improve your general knowledge of the platform, which is useful, because then you will be able to solve most problems yourself, if you still have problems at that point you can always ask the community.

Joey Moree wrote:

Here's a link to info about user roles.

https://success.outsystems.com/Documentation/11/Developing_an_Application/Secure_the_Application/User_Roles

You can check if the logged in user has a certain role, if they don't you don't load the aggregate, if they do you do load the aggregate.

I highly suggest you to take some courses available here on the outsystems website, there are some lessons on how to limit access to data using roles, this will also teach you lots about aggregates and how to present data.
This will also improve your general knowledge of the platform, which is useful, because then you will be able to solve most problems yourself, if you still have problems at that point you can always ask the community.

i am not taking about data.data we can restrict.i want to restrict one entity for one user for development purpose.devloper user cant see the entity.please see the example what i mentioned before.


Solution

Arkyadeep Bharadwaj,

Developers can see all entities of an application. However you might want to consider the option of making one eSpace consume another, where only some entities are public.

Solution

Marco Arede wrote:

Arkyadeep Bharadwaj,

Developers can see all entities of an application. However you might want to consider the option of making one eSpace consume another, where only some entities are public.

for this purpose we have to create multiple core application.give permission through lifetime.am i right?


Ah, users as in actual developers, that was not clear.

Yeah in order to achieve that you will have to create seperate modules for your data model and then grant access to only specific modules, this will create a more modular application, which is a good thing.

However, why limit your developers in their building? In development envs the data should not matter and you can limit the access in production or test environments.

Joey Moree wrote:thanks.some client wants to know is it possible or not for that reason.

Ah, users as in actual developers, that was not clear.

Yeah in order to achieve that you will have to create seperate modules for your data model and then grant access to only specific modules, this will create a more modular application, which is a good thing.

However, why limit your developers in their building? In development envs the data should not matter and you can limit the access in production or test environments.



This can be achieved thru lifetime configuration of teams having spplicstions assigned, IT user should have default role of none rights. And then per team or app a role with change and deploy rights.