Builds a more complex access profile management framework / architecture than the OutSystems Native, utilizing the native possibilities ... "UserProvider, Group, Role and User"

But I had a problem. A user can have more than one Profile (I use groups to be Profiles) and assign Roles to groups ...


A user can be an analyst (group) of a company (customer - group_User detail), which accesses the X, Y and Z (Roles) functionality.

This same user can be Developer (group) of another company (customer - Group_User detail), which accesses the Y and W functionality.

By default when logging in Outsystems loads the effectives roles of this user through UserId ....

At this point he assigns the user all roles - X, Y, W and Z ... regardless of which profile he chooses for that session (internal application handling).

Does anyone know of a possibility to continue using native CheckRole, where Outsystems takes into account the selected group?

Or tips to make implementation simpler or less complex ...



I had the same use case in a project I was where my groups were roles and the Outsystems roles were actions  (like DocumentList or DocumentRead). But instead of adding groups to the users we create our own table where we saved the possible roles for each user. During login we asked the user to select which of those roles he wanted to use and we granted the roles on during that session.

Hope this helps and if you have any other question let me know.



Marcelo Ferreira escreveu:


Eu tive o mesmo caso de uso em um projeto em que meus grupos eram funções e as funções de Outsystems eram ações (como DocumentList ou DocumentRead). Mas, em vez de adicionar grupos aos usuários, criamos nossa própria tabela, onde salvamos as funções possíveis para cada usuário. Durante o login, pedimos ao usuário para selecionar quais dessas funções ele queria usar e concedemos as funções durante essa sessão.

Espero que isso ajude e se você tiver alguma outra dúvida, me avise.



Thanks for the help, but in my case I would like to continue using the native security functions ... CheckRole and etc ...

In this solution I would have to maintain the USER x GROUP relationship every session !!


When you use the grant action of roles you still can use the CheckRole. You can see in this document an example of when granting and revoke is used.