Role based security

Hi All,

I have a mobile app, i haven't used the User api for login into my application, i have other aoi for login into the application.

I want to know how will i manage the role based security in this case since i am not using users api,

Thanks in advance :)

Dhiraj manwani.

Rank: #128


No Problem you have to create a mapping entity to keep the user role. So once you have this you can easily check the role of user like OutSystems User module.

1. Add role in the application

2. Assign the role to the user

3. check the role of user on the login screen.


Rank: #5

Hello Dhiraj,

Not login into the platform is usually a problem, as you lose all the functionality related to users that the platform has built-in, including the role security-based system.

Then you need to create your own logic and entities to deal with this situation, increasing your application development and maintenance complexity, time to market, number of bugs, etc.

What usually is done, is to do a "silent login" using the Login action from the System module, after you authenticate the user in the external system. If the user does not exist in the User entity yet, you create it (no password storage required). 

This way, you can leverage the full potential of the platform.

As a side note, while the login in the platform is not mandatory, avoiding doing the login in the platform as a workaround to the limitation on the number of users goes against the license terms.


Rank: #5


You can assign roles, programmatically, using the Grant<Name of the Role>Role server action. 

But it will be assigned to the user only when it does the login in the platform, using the Users API or the System Login action, that do not requires password. In any case, if the user does not exist in the user entity yet, it must be created there first.

You can find more information on how to deal with external authentication here, here and here.