Grant Role dynamically within the application

Hi OS Community,

I have an application, with multiple projects within that application. A user may be granted different Roles to different Projects. 

For example Tim has Admin access to Project White, but only User access to Project Blue. Jess has User access to both Project White and Project Blue.

Is the below the correct way to implement this:

  1. Create a table in the application which records the ProjectId, RoleID and UserId.
  2. Add users to this table based on their roles per project.
  3. When they enter a project-specific page, at OnInitialise check their Role and use the Role API to grant them that role.

I have run a quick test and it appears to work as expected. My specific question is whether:

  1. Running the server action OnInitialise to check and grant a role is a massive no-no.
  2. Whether there is a better way to do this.



Hi Rob,

If you need to create and update projects dynamically within your application, I think your approach to create a Project/Role/User table makes sense since they provide a project-level control that you wouldn't be able to get from built-in OutSystems User roles, and you can easily query that Entity for validating user permissions and create/delete records to grant or revoke them.

In general, calling Server Actions or other potentially slow actions in the OnInitialize event handler will slow down your application and therefore it is not recommended because it runs in full before the user navigates and renders the screen. For checking the role, you should instead create a Data Action and call your Server Action from it, including one or several output parameters to represent the access levels. After this, you can modify the logic/appearance of your screen to adapt according to these values.

Now, for granting the permissions, the user shouldn't be granted permissions automatically just by entering a screen. I would recommend having some other direct mechanism, say a separate "Control Panel" screen where an App Administrator type of role can assign and check permissions to different users and projects. If for some reason you need a 'default' role for all users entering all types of screen projects, then you could use the absence of a record in your ProjectId/RoleId/UserId table to represent that default role, so that you don't need to create new records unnecessarily every time a user enters a project screen.
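
The per-project check described in the answer above, as an added example in Python with SQLite (not part of the original thread and not OutSystems code). The table name `ProjectUserRole`, the function names, the role ranking, and the one-role-per-user-per-project key are assumptions; the sample rows are constructed from the Tim/Jess example in the question.

```python
import sqlite3

# Hypothetical role ordering: a higher rank includes the lower one.
ROLE_RANK = {"User": 1, "Admin": 2}

def open_db():
    """In-memory table with constructed sample rows (Tim/Jess from the question)."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE ProjectUserRole (
        ProjectId TEXT NOT NULL, UserId TEXT NOT NULL, Role TEXT NOT NULL,
        PRIMARY KEY (ProjectId, UserId))""")
    db.executemany("INSERT INTO ProjectUserRole VALUES (?, ?, ?)", [
        ("White", "tim", "Admin"), ("Blue", "tim", "User"),
        ("White", "jess", "User"), ("Blue", "jess", "User")])
    return db

def project_role(db, user_id, project_id, default_role=None):
    """Role of this user in this project only.
    A missing row means default_role (None = no access)."""
    row = db.execute(
        "SELECT Role FROM ProjectUserRole WHERE ProjectId = ? AND UserId = ?",
        (project_id, user_id)).fetchone()
    return row[0] if row else default_role

def has_access(db, user_id, project_id, required, default_role=None):
    """Server-side check; reading a role never grants anything as a side effect."""
    role = project_role(db, user_id, project_id, default_role)
    return role is not None and ROLE_RANK.get(role, 0) >= ROLE_RANK[required]

def assign_role(db, actor_id, project_id, target_id, role):
    """The 'Control Panel' path: only an Admin of that project may assign roles."""
    if role not in ROLE_RANK:
        raise ValueError(f"unknown role: {role}")
    if not has_access(db, actor_id, project_id, "Admin"):
        raise PermissionError(f"{actor_id} is not Admin on project {project_id}")
    db.execute("INSERT OR REPLACE INTO ProjectUserRole VALUES (?, ?, ?)",
               (project_id, target_id, role))

if __name__ == "__main__":
    db = open_db()
    for user, project in [("tim", "White"), ("tim", "Blue"), ("sam", "Blue")]:
        print(user, project, "admin:", has_access(db, user, project, "Admin"),
              "role:", project_role(db, user, project, default_role="User"))
```

Because the role is looked up by project and user on each check, Tim's Admin record for Project White never carries over to Project Blue.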

Hello Robert

I am not sure if I am understanding your question correctly, but let's see if this could help you with the first question:

Running the server action OnInitialise to check and grant a role is a massive no-no.

It seems this could be done easily - 

Hi Robert,

You can check the role in the OnInitialise action and maybe grant the role while you are creating a new user.



Thanks all,

Looks like I'm on the right track - just wanted to make sure there wasn't already a better way to do this.

@Francisco Calderón - Thanks for the lengthy explanation. I've got the admin screen for each project where I can assign a user, so the roles are determined by that - sorry if unclear.

Cheers all,

