Hi,
We have both Login Users. One is a Manger & One is an Employee. The manager can access view the employee details as well as edit the details. Employees can also view the screen and are unable to edit or delete or delete the details. Employees can open details but not edit or delete the details. What is I am saying Save or edit buttons are not to show employee users.
Because anyone can view the page source and make it visible if they want. Or they can go into the JavaScript and adjust the values of whatever you used to check the roles. Or make a call to the backing service that the button uses, and use the button's code even if the button itself is not on the screen.
Never depend on hiding screen elements for security in Reactive... it's not secure.
J.Ja
hi ,
simple solution is to set visible=True for save/edit button if the user is manager
Hi, If the employee accesses the page. He can only view the screen only. Not showing the save or edit button for the employee(user)
Hi prabu v
i have attached a oml file . please take a reference from it .
Happy coding!
In a Reactive app, this is NOT secure.
Hi Justin
could you please tell us for what you are saying that this is not secure.
Thanks!
HI Prabu V ,
if you want to hide buttons according to there roles, then you can enclose that buttons in a container and apply if condition on visible properties of that container ,
Check if that works for you. like and mark as solution.
Thanks
shehroze khan
This is NOT secure in Reactive. Anyone can view the source and make it visible to click the button.