Generally the term Role is a synonym for a group of Users. Having some Roles in each project is always recommended. For example, you could define a separate Role for Operators, System Operators and Project Engineers. Doing so you could assign Users to Roles and afterwards assign Security Objects, like Grants to each Role. Doing it that way is much more convenient and requires less administration than assigning each Grant to each User. New User accounts can easily tied to already existing Roles. Defining a set of Grants to a Role is done once per Role. This is standard security management in multi-user enterprise applications.
The Grants in Table 9.1, “Table of Grants regarding Role Management” determine the actions an User can perform on Roles. All Grants are stored in the
secured-objects.xml
file of the main Flex Application
Module.
Table 9.1. Table of Grants regarding Role Management
Grant Key | Description |
---|---|
APP_Role_Management | Permission to open the Role Management Screen. |
APP_add_roles_button | Ability to add new Roles. |
APP_save_role_button | Ability to save changes on a Role. |
APP_remove_role_button | Ability to remove an existing Role. |
APP_assign_grants_button | Assign to or remove Grants from a Role. |
APP_assign_users_button | Assign to or remove Users from a Role. |
From the main application actions bar click Roles and assign individual Grants and Users to each of them.
-> to open the Role Management view. Purpose of this management view is to declare securityTable 9.2. Actions bar of the Role Management View
Icon | Description |
---|---|
Open a dialogue to create a new Role with name and description. | |
Delete an existing Role. | |
After double-clicking a Role you can change data and press Save to save your changes. | |
Reload and refresh Role information from the persistent storage. | |
Assign Users to a selected Role. Opens a dialogue to add Users to the Role. | |
Select already assigned Users you want to remove from the selected Role and press this button to remove their Role membership immediately. | |
Select a Role and press this button to assign one or more Grants to the Role. An dialogue opens to assign or remove Grants from a Role. |
To create a new Role press the 'Create' button of the actions bar (). In a simple dialogue, you have to provide the name of the new Role and an optional descriptive text. After the Role is created the roleName is prefixed with 'ROLE_'.
Existing Roles can also be modified. To change the role name or description, just double click the Role to open a dialogue, like shown in Figure 9.3, “Modify a Role”, where you can change the values as desired.
If you already have a Role defined, you are now able to assign Grants to this Role. Just select the Role and press the 'Assign Grants' button (). A dialogue opens that lists all non-assigned Grants on the left side and all currently assigned Grants on the right side. Choose the Grants you want to add or remove to a Role and press one of the shift buttons in the middle. After you confirm the dialogue you have to save the Role. Your changes do not take affect without saving the Role explicitely, because you could have done changes to the Role before.
Role Management does only make sense when you assign Users to Roles and manage access control through Roles. So go ahead and add some Users to a defined Role. Press the 'Assign Users' button () and do it like you did before. Nearly the same dialogue opens where you can add or remove one or more Users from a selected Role.