Does having the roles 'anonymous,' 'registered,' and 'application admin' selected in an OutSystems application mean that all end users can access the information, or is it limited to only application administrators?
Hello Lekshmi,
Anonymous:
Allows any end user to access the element, including users that aren't logged in (non-authenticated users). Anonymous is the most general Role and when you associate this Role, for example with a screen, all the existing Roles are automatically associated with it.
Registered:
Allows any end user who has logged into an Application running in the same Platform Server (authenticated users) to access the element. When you associate this Role with an element all the existing Roles are automatically associated with it, except the Anonymous role. The users which are there in the User entity can access the screens which has register role.
Application Admin:
This is the custom role which you will create in the application so when a user has this role he will be able to access that particular screen.
Also please refer to this links it will help you for understanding roles in outsystems.
https://success.outsystems.com/documentation/11/developing_an_application/secure_the_application/user_roles/
https://success.outsystems.com/documentation/11/developing_an_application/secure_the_application/user_roles/create_and_use_roles/
Regards,
Pavan R
For you knowledge..one more thing I want to add about roles when It comes to security of the application you should avoid setting Anonymous and Register roles to access screens if you set this you will get the warning in the AI mentor studio something like this:-
Hope it helps you.!
Thank you
Hii @Lekshmi Revi N ,
If you select Anonymous role, it means anybody on the internet can access your URL,
by selecting on Registered role, you can restrict it to only users which are registered in your environment.
and by selecting Application Admin, only registered users who have 'Application admin' role can access.
So in your case uncheck the anonymous role option.
you can also refer to Role based security for better understanding of roles, authentication and authorization in outsystems.
Thanks.
Anees
Hello @Mohd Anees Mansoori ,
Thank you for your answer.
If all three roles are selected, which role would have priority?
Thanks
Lekshmi
Hello @Lekshmi Revi N,
Incase if all the three roles are selected then Anonymous will get the priority and anybody can access your URL.
If you want to restrict then you must uncheck the anonymous role.
Feel free to ask if still there is some query.