1
 Follower
6
 Likes

New screens created without any role by default

Frontend
On our radar

It's always better to have to check who we want to give permission to instead of having to checkout who we don't have to have permission.


Plus being an error prone task, it lowers the impact an eventual lapse might have.


Created on 9 Aug 2018
Comments (10)

Yup,


Never understood this, because it's indeed very insecure :(


Changed the category to Service Studio


Changed the category to Frontend


Changed the category to Frontend


Changed the category to Frontend


Changed the category to Frontend


Changed the category to Frontend


Changed the status to
On our radar


Hey guys,


Are you arguing that that should be the case whenever you have a set of roles already defined, or even if you don't, neither anonymous nor registered roles should be picked?


Regards,

Ricardo Alves

Yes André Ramos..

Hi Ricardo,


What I meant was that by default, the newly created screens should have no Role selected by default.


The developer should get a "clean" screen and whichever roles he wanted to give he would have to pick. 


It would have two advantages:

1 - We unselect roles more often than we select because a screen normally has a limited set of roles. The outlier scenario is giving the "Registered" role and that one already selects everything so it's covered.

2 - It happens frequently for a developer to forget to remove a given role for a new screen. So this way would be less error prone.

views
324
Followers
1