Skip to main content

 

 

 

 
Language:

 

 

 

 
 
OutSystems

Application Users Groups and Roles

Template:OutSystems/Documentation_KB/ContentCollaboration
  • Edit
    Collaborate with us
    Edit this page on GitHub
  • Another important topic regarding data migration is the application Users, Groups and Roles. This section provides explanations about how the entities in these areas relate to each other.

    Entity-Relationship Model

    The following diagram shows the relationships between Entities Users, Roles and Groups.

    Relationships between Entities Users, Roles and Groups

    The records for the entities in the diagram above can be generated from the following sources:

    • Service Studio

      • Publishing Espaces with new or changed Roles
      • Updating Applications or Espace Modules
    • Service Center

      • Uploading and Publishing Applications, Solutions, Espaces with Roles
    • Lifetime

      • Pushing Applications to another Environment with Roles
    • User Applications

      • References to the Exposed Entities and methods
      • Application bootstraps for Users, Groups, and Roles

    Condiderations

    Take into account the following considerations:

    • Users, Groups, and Roles are not managed by the OutSystems Platform. Only by applications (By default there is the User Application Tool to manage it)

    • Roles don’t have to be migrated since they are created when publishing an Application, Solution or Espace

    • LifeTime syncronizes IT users across environments. In this case, Users from Service Center user provider (typically, tenant_id = 1) don´t need to be migrated.

    • If LifeTime is not being used to manage the infrastructure and applications lifecycle, the Service Center manages the IT users in each environment. In this case, if the applications being migrated utilize Service Center as User Provider, you should take these users into consideration to be migrated.

    • The way to relate these entities between environments is: Users - the attribute Username (and Tenant ID) (Note: Being different environments, and application it is possible that a user named john.doe in production may not be the same john.doe in pre-production).

    • Groups - the attribute Name (and Tenant ID)

    • Roles - the attribute SS_Key and the related Espace SS_Key attribute

    • User IDs, Role IDs, and Group IDs

      • Search for Users, Groups, and Roles dependencies, where they can be used:
        • User Application Entities consuming references
        • BPT Activity Definitions - Activity Role Permission, User that toke role in Processes and Activities
    • Applicational data typically has references to the User entity (for example, CreatedBy type of audit columns) So, a step of the migration process has to traverse all foreign keys and understand all records that are holding said user records, to align the corresponding User between environment and then, taking that in consideration when migrating, the application data with the changed foreign keys

    • User Roles & User Groups Configurations

      • Configurations must be migrated and aligned between the source and destination environments to have the same applicational results and behavior between environments. That stands for roles assigned to users, roles assigned to groups, and groups assigned to users
    • Other topics to be aware of:

      • User Passwords (Encryption)
      • Authentication Model (Different User Providers, IdP, AD, etc)
      • Tenant - if different User Providers are being used (that means different User Tenant IDs)

    Entities Description

    Users

    Name Physical Table Name Description
    User OSSYS_USER End-user of the applications. Shared between eSpaces with the same user provider (defined in Service Studio)
    Producers
    -
    Consumers
    OSSYS_APP_VERSION
    OSSYS_APPLICATION
    OSSYS_AREA
    OSSYS_BPM_ACTIVITY
    OSSYS_DEBUG_SESSION_DATA
    OSSYS_DEVELOPER
    OSSYS_ESPACE_VERSION
    OSSYS_ESPACE_VERSION_PTA
    OSSYS_GROUP_USER
    OSSYS_RECOMPILATION_LOG
    OSSYS_SERVICECENTER_USER
    OSSYS_SESSIONTOKEN
    OSSYS_SOLUTION
    OSSYS_SOLUTION_PACK_REFERENCE
    OSSYS_SOLUTION_VERSION
    OSSYS_SOLUTIONAPPLYSETTINGS
    OSSYS_USER_DEVELOPER
    OSSYS_USER_OPTION
    OSSYS_USER_ROLE
    OSSYS_USER_USERPOOL
    OSSYS_USERSERVICEACCOUNT
    -----------------

    Roles

    Name Physical Table Name Description
    Role OSSYS_ROLE Espace specific roles as defined in Service Studio. Old roles are kept as inactive
    Producers
    OSSYS_ESPACE
    Consumers
    OSSYS_BPM_ACTIVITY_DEF_ROLE
    OSSYS_GROUP_ROLE
    OSSYS_USER_ROLE

    User Role

    Name Physical Table Name Description
    User_Role OSSYS_USER_ROLE Roles for each end user
    Producers
    OSSYS_ROLE
    OSSYS_USER
    Consumers
    -

    Groups

    Name Physical Table Name Description
    Group OSSYS_GROUP Set of users managed in runtime
    Producers
    -
    Consumers
    OSSYS_BPM_ACTIVITY
    OSSYS_GROUP_ROLE
    OSSYS_GROUP_USER

    Group Role

    Name Physical Table Name Description
    Group_Role OSSYS_GROUP_ROLE Roles shared for a specific user group
    Producers
    OSSYS_GROUP
    OSSYS_ROLE
    Consumers
    -

    Group User

    Name Physical Table Name Description
    Group_User OSSYS_GROUP_USER Users of a specific group
    Producers
    OSSYS_GROUP
    OSSYS_USERS
    Consumers
    -