In the OutSystems Platform Roles are used to design your security policies and associate them with eSpace elements and end-users.
The OutSystems Platform provides you with a default set of System Roles but you are allowed to define your own User-defined Roles.
The System Roles provided by the OutSystems Platform are pre-defined in your eSpaces and are the following:
Anonymous: this role allows any end-user to have access to an eSpace element in the application, including users that are not logged in (non-authenticated users).
Anonymous is the most general Role and when you associate this role with an eSpace element all of the existing roles are automatically associated with it.
Registered: This role allows any end-user who have logged in to an application of the OutSystems Platform (authenticated users) to have access to an eSpace element of your application. This is possible due to the Single Sign-On mechanism of the OutSystems Platform which allows sharing end-user sessions among applications/eSpaces.
When you associate this role with an eSpace element, all of the existing roles are automatically associated with it, except the Anonymous role.
<Application Name>User: this role is used for allowing end-users to have access to application screens and operation. Learn more About End-User Management.
Create your security policies for the application by defining your own user-defined roles. For example, create a Back-office role, set this role in your application's back-office screens, and grant this role only to those end-users who are to have access to back-office screens.
To create a user-defined role, simply go to the Logic layer of the eSpace Tree, right-click on the Roles folder, select the Add Role option, and name the role.
The roles are set at design time by simply selecting the eSpace element and checking the roles in the Roles section of the Properties Pane.
The eSpace elements that you are allowed to associate Roles are the following:
By default all of the System Roles are checked when you create any of these eSpace elements.
Assigning Roles to End-Users
The assignment is done at runtime using the Users application that is provided by the OutSystems Platform. Alternatively, you are also allowed to design your own role association in your application using the Grant<RoleName>Role and Revoke<RoleName>Role role actions.
Using Roles in the Application Logic
Each role is provided with a set of built-in elements that allow you to design logic for it in your application. For example, you can check whether an end-user can perform a specific operation in the application and handle the error if he has no permission for that. Learn more on how to Use Roles.
Using User-defined Roles References
Service Studio provides you with mechanisms to reuse user-defined roles between eSpaces. You can expose your user-defined roles to other eSpaces or use user-defined roles defined in another eSpace.
In a Single Sign-On scenario, you can grant roles to users in any eSpace of the set since users are shared. However, if you need to use any of the roles in other eSpaces of the set, you must use role references because they are not shared.
Role Properties | Use Roles | Find and Replace Role Usages | Single Sign-On