Hi, 

I have just listen to the role based security online class from OutSystems for mobile associate certificate and at the end, I stayed with a doubt. 

If I create a specific role, like Manager for example, can he access to the same information as a registered user plus the information that I specifically said for the manager?
Or he will only be authorized to see the manager information?  


thank you in advance!

Hi, friend.

OutSystems has a method called CheckRole method for each role created in the systems. You can, for example, make the access to a page with multiple roles or just one, as you wish. There are many thinks we can do with that permitions.

Thank you!! I went to see what CheckRole method could do, and yes I can check if the user has the role associated by using a server action (:.  
Yet, by default I have the registered role, and the anonymous role. If I create the manager role, and added to a user, does that mean, that the manager role includes all the information regarding anonymous and the registered? or will give him access only to manager information ? (asking this by default, because I have understood that I can manage the roles the way I want to).


 

 

Solution

The registered role checks if an User has ANY ROLE to grant access.

The anonymous role grant access to ANY USER, logged in or not.

So, if the user has the Manager role, it can access any area with registered permission. If some area of your application is set to anonymous role access, the Manager and any other user, logged or not, can access.
Thank you!! I went to see what CheckRole method could do, and yes I can check if the user has the role associated by using a server action (:.  
Yet, by default I have the registered role, and the anonymous role. If I create the manager role, and added to a user, does that mean, that the manager role includes all the information regarding anonymous and the registered? or will give him access only to manager information ? (asking this by default, because I have understood that I can manage the roles the way I want to).


 

 

 

 

Solution

Something like that

Lenon Manhães wrote:

The registered role checks if an User has ANY ROLE to grant access.

The anonymous role grant access to ANY USER, logged in or not.

So, if the user has the Manager role, it can access any area with registered permission. If some area of your application is set to anonymous role access, the Manager and any other user, logged or not, can access.
Thank you!! I went to see what CheckRole method could do, and yes I can check if the user has the role associated by using a server action (:.  
Yet, by default I have the registered role, and the anonymous role. If I create the manager role, and added to a user, does that mean, that the manager role includes all the information regarding anonymous and the registered? or will give him access only to manager information ? (asking this by default, because I have understood that I can manage the roles the way I want to).


 

 

 

 Thank you very much! that's what I wanted to know (:

 

 

I'm glad to help.


Best regards.