1
 Follower
7
 Likes

[Reactive] Consumed Server Actions authorized roles

Backend
Implemented
on 01 Oct 2019
Platform Server Release Oct.2019 CP6

Just like screens, "Consumed Server Actions in Screens" could have CheckBoxes for roles.

We know that in this cases, the Server Action will be available to the device through a REST API raising security challenges, having built-in authorized roles would minimize that.

Created on 17 May
Comments (2)

It already works that way.

When you call a Server Action from Screens, a REST API gets created for each Screen the Server Action is consumed on. That API requires the user to have the same roles as the Screen does.

J.Ja

Changed the category to Backend and the status to

Implemented
on 01 Oct 2019


Hi Francisco,

Thanks for your idea. It’s not obvious but, has Justin said, that is how it’s currently implemented. Role based security is guaranteed. Be aware that if you need row based security (e.g. a salesperson can only create or update records for his region, or users can changer only their user info) then you’ll need to implement that specific logic on the server side

Cheers,
Tiago Simões

views
169
Followers
1