Can I give end-users the flexibility to assign roles and define what those roles can access?
For example, I want to implement a role TESI with the ability to View, Add, Edit, Print and Delete on the Audit Trail module. I want these roles to be maintained by end-users and not the development team.
On the Users eSpace I can see that each page in the environment has a user role that can access the page. However, I want to define this dynamically, through a front-end user interface.
Create fine-grained roles in the environment, one for each permission. For example:
On your screens and logic, use the role functions to restrict or allow access:
On the maintenance screen for permissions, restrict access to the Admin role or similar. Then, use the related role actions Grant<Role> and Revoke<Role>:
- GrantAuditTrail_View(), RevokeAuditTrail_View()
- GrantAuditTrail_Add(), RevokeAuditTrail_Add()
As an alternative, you could update the platform's data model directly. See the relevant entities below, which you can reference from the (System) module.
Handle the permissions in your data model.
- Add a Permission static entity, with all the necessary options: View, Add, etc.
- Add an entity Role_Permission that allows you to configure the permissions for each role.
Define a simple action to check if the user has a certain permission within a role. For example, an action that:
- Receives the UserId, RoleId, and the PermissionId.
- Returns True if the user has the role and the role has the permission.
Finally, use this action in the appropriate screens.