Click or drag to resize

Role-Based Security

    Role-Based Security

Roles need to be exposed on Associates and User objects.

    Role  -> SORole (read-only)     User.Role  -> SORole (read/write)

Roles can be read-only objects in this version – just expose the get functions on SRoleModel:

SORole

    Identity  (read-only)     Name  (read-only)     Description (read-only)     HasFunctionRight( string )      DataRight( SOTableId, ERelationshipToOwner ) -> string ("CRUD" for full access, "R" for read-only.)

Note the use of a string instead of an id to query the function rights. [Enumerations.SOTableId_EN] is an existing enum. [Enumerations.EnRelationshipToOwner_EN] is a new enum.

Function rights have unique string ids as well as an id – to make code easier to read, and portable across installations.

 

Example

To see if the current user is allowed to run mail-merge we check if the user has the function right that Allows bulk operation: mail-merge.

The string id for this in the FunctionRight table is simply "allow-bulk-mailmerge"

VB
    Set curUser = db.GetAssociate( db.GetCurrentAssocId )
    canRun = curUser.Role.HasFunctionRight( "allow-bulk-mailmerge" )

 

 

If you had user admin permission, then you can use the Admin object to edit or add new roles:

VB
    Set newRole = db.Admin.CreateRole( enRoleTypeEmployee, Nothing )
    newRole.Name = "My role"
    newRole.Description = "Read only role"
    Set bulkInterest = db.Admin.GetFunctionRight( "allow-bulk-interests" )
    Set adminSaint = db.Admin.GetFunctionRight( "admin-saint-regeneration" )
    newRole.AddFunctionRight( bulkInterest )
    newRole.AddFunctionRight( adminSaint )
    newRole.DataRight( enTableContact, enRelToOwner ) = "CRUD"
    newRole.DataRight( enTableContact, enRelToGroup ) = "CRU"
    newRole.DataRight( enTableContact, enRelToOtherGroup ) = "CR"
    newRole.DataRight( enTableContact, enRelToOther ) = "R"
    newRole.DataRight( enTableProject, enRelToOwner ) = "CRUD"
    newRole.DataRight( enTableProject, enRelToGroup ) = "CRU"
    newRole.DataRight( enTableProject, enRelToOtherGroup ) = "CRU"
    newRole.DataRight( enTableProject, enRelToOther ) = "CRU"
    newRole.Save

 

This API corresponds to the Role panel in the Admin client:

Admin Role panel

Up: Using SuperOfficeDB   Prev: Recurring Appointments   Next: Saint Counters And Values          Edit