Skip to main content
OutSystems

How to grant user roles dynamically

Question

Can I give end-users the flexibility to assign roles and define what those roles can access?

For example, I want to implement a role TESI with the ability to View, Add, Edit, Print and Delete on the Audit Trail module. I want these roles to be maintained by end-users and not the development team.

user roles2.png

On the Users eSpace I can see that each page in the environment has a user role that can access the page. However, I want to define this dynamically, through a front-end user interface.

user roles.png

Answer 1

user roles3.pngCreate fine-grained roles in the environment, one for each permission. For example:

  • AudiTrail_View
  • AuditTrail_Add
  • etc.

On your screens and logic, use the role functions to restrict or allow access:

  • CheckAuditTrail_ViewRole()
  • CheckAuditTrail_AddRole()
  • etc.

On the maintenance screen for permissions, restrict access to the Admin role or similar. Then, use the related role actions Grant<Role> and Revoke<Role>:

  • GrantAuditTrail_View(), RevokeAuditTrail_View()
  • GrantAuditTrail_Add(), RevokeAuditTrail_Add()

As an alternative, you could update the platform's data model directly. See below the relevant entities, that you can reference from the (System) module.

user roles4.png

Answer 2

Handle the permissions in your data model.

  • Add a Permission static entity, with all the necessary options: View, Add, etc.
  • Add an entity Role_Permission that allows you to configure the permissions for each role.

user roles5.png

Define a simple action to check if the user has a certain permission within a role. For example, an action that:

  • Receives the UserId, RoleId, and the PermissionId.
  • Returns True if the user has the role and the role has the permission.

Finally, use this action in the appropriate screens.