Just like screens, "Consumed Server Actions in Screens" could have CheckBoxes for roles.
We know that in this cases, the Server Action will be available to the device through a REST API raising security challenges, having built-in authorized roles would minimize that.
It already works that way.
When you call a Server Action from Screens, a REST API gets created for each Screen the Server Action is consumed on. That API requires the user to have the same roles as the Screen does.
J.Ja
Changed the category to Backend and the status to
Hi Francisco,Thanks for your idea. It’s not obvious but, has Justin said, that is how it’s currently implemented. Role based security is guaranteed. Be aware that if you need row based security (e.g. a salesperson can only create or update records for his region, or users can changer only their user info) then you’ll need to implement that specific logic on the server side
Cheers,Tiago Simões