10.4 Manage Users and Groups
10. Restrict Access to the Application
We'll finish this module with a recap of the main concepts of security and also
with a new concept, which is the group. And the group basically allows you to assign
and revoke roles for a set of users instead of doing it one by one.
So let's start with the basic principle. You recall we said that the roles are the
basic principle for us to set our security policies. They are defined in design time
and we can have different roles. We can have the built-in roles like the anonymous
and the registered. Remember that anonymous means that all users authenticated or
not authenticated will have access to that information. And the information we're
talking about is the elements that are associated with these roles,
namely the Web screens. Okay?
So if a Web screen is anonymous this means that all the users have access to that
screen. They don't need to authenticate. They don't need to pass through the login
page. The other built-in role is the registered and this means that only users that
pass the authentication process, that pass the login page, that provide the right
credentials are entitled to go into that screen. So if we have here,
again, our dashboard, if our dashboard has a tick on the registered,
this means that users that pass the login will have access to this Web screen.
And then, so these were the built-in roles and then we have some user-defined roles.
We have a default one created with our eSpace, which is the customer support user.
And we added a new one which was the customer support manager.
And with these roles you can set access to the Web screen and also set the
visibility of some elements inside those screens.
Like for instance, the high and low buttons here, using the API,
let me expand here the role, using the API that is provided by Service Studio.
So we have here the check customer support manager roles. So this was the action
that we used over and over to make our validations in terms of if the widget should
be enabled or disabled, and if the buttons are visible or not and also for some
server side validations. You see here that along with the role and apart from this
check customer support manager role, we also have a couple of actions to grant and
revoke these roles. And you can use these actions to programmatically grant or
revoke the role to the user. And we also saw that there is an application to manage
the users in OutSystems and that's the Users application.
So let's leave Service Studio. We've seen here the basic elements.
And let's go back to the browser and see our application and the Users application.
So let me open here, the application in the browser. You recall that the first time we
logged in to our application we used the default username and password.
So we're going to do that again; admin, admin. And as you can see here the
administrator has access to the customer support
application. And we're going to see why this happens. You recall that we filtered,
we set the access to these pages to be only roles defined in the customer support.
Okay? We will see why the administrator has access. First let's move to the Users
application. So let me use here a bookmark that I have. So this is the Users
And as you can see I'm still logged in as administrator and let me show you why the
administrator has access to the customer support. What happens is that when we
publish the application, we, as we said, the roles that are defined in the
application are made available to the Users application so that we can assign those
roles to the users. One other thing actually happens is that when you publish,
the new roles that are created are automatically assigned to this administrator
user. So this administrator has access to all the applications.
And this is also the basic interface for us to manage the users.
We can edit the information that we have here. We can change the password
of the user and we can also set the user as inactive and
this means that this user will not be able to log in to any application.
So this is a quick way to fully disable the user and we saw here that this allows us
to assign roles to the users. Remember that we created this Peter Man user,
let me go into it, and we gave him the customer support manager role.
Now about groups; as I said in the beginning of the lesson, groups allow us to
assign and to revoke roles for a set of users instead of doing it one-by-one,
instead of going to one user. For instance, imagine that we want to create a group
which is the manager group, instead of coming here to Peter Man,
and to all other users that are managers, and assigning the role or the roles that
this user should have. Because here we only have customer
support, but imagine that the managers also need access to the purchase management
So we would need to assign this role to Peter Man as well. And instead of doing this
assignment one-by-one, we can create these groups. And let's go here,
we do this in the groups tab and let's create the managers group.
Manager, so we can give it, we must give it a name, it's a mandatory field.
We can give it a description and I will not bother with that for now.
And now I can assign to this group, I can assign some members.
At the moment there are no members assigned. And I can assign the roles.
So for instance, let me assign here the customer support manager role,
and the purchase management user. Okay. And now that I have these roles set to this
group I can assign members to my group and each new member that I assign to the
group will automatically be granted these roles and will have access to these
So for instance if I say that Abe Hires is a manager and I assign him
here, then Abe Hires will have access to these applications.
And on the other side we can also do this assignment on the user.
So let's go here to the users and let's say that Ann here, Ann is also a manager.
So let's assign the managers group to Ann. And you'll see here
they automatically get the roles. And you see here that this role
was granted via the managers group.
Okay, so this is all you have to know about groups. There is one other thing that I
would like to show you regarding authentication. So we basically went through the
default authentication method through the platform. But as you can see here,
there is a way to configure alternative methods for authenticating your users.
If you go here into the configure authentication, we can say that authentication is
through Active Directory for instance or any other LDAP service.
Okay? So this is just for you to know that there are other ways to do the
authentication in the platform. And that's it.
Posted on 5 Feb
testing manage users and groups