
Application level Security – Part III (Screens)

In the last two posts we discussed the requirements and the database model for a security system that enforces permissions based on roles and on explicit per-screen grants. This post walks through the screens that manage that data.

Role Maintenance
Now let's look at the screens that make all of this happen, starting with the Role Maintenance screen. It provides the ability to manage every role in the application: users can create, modify, or delete roles. The following is a screen shot of the Role Maintenance screen:

Adding a Role
To add a role, the user clicks the New button on the left side of the toolbar, as shown below:

This brings up the following popup:

In my scenario the system has several modules that represent different lines of business. The user picks which application the role belongs to, enters a name for the new role, and clicks the Save button to commit the new role to the database.

Adding Screens to a Role
Next the user associates screens with the role. With the newly created role selected, the user clicks the Add New button to the right of the Screens title of the grid, as seen below:

This will bring up the following popup:

The user can multi-select screens to add to the current role. NOTE: Only screens that are not already associated with this role show up in the selector, so a screen cannot be attached to the same role twice. Once the user closes the selector, the user assigns the appropriate permissions for each screen, as shown below:

The user clicks on the Save button to commit the new screens and permissions to the database.

Deleting a Role
The user has the ability to remove existing roles. Per the business requirements, all screens associated with the role must be removed first; the delete is refused while any screen is still attached. To delete a role, the user clicks the Delete button in the toolbar, as shown below:

This brings up the following confirmation dialog:

After the user clicks the Yes button, the user clicks the Save button to commit the removal of the role to the database.

Removing Screens from a Role
As stated previously, before a role can be deleted all of its screens must first be removed. The user clicks the Delete button to the right of the screen in the grid, as shown below:

This brings up the following confirmation dialog:

After the user clicks the Yes button, the user clicks the Save button to commit the removal of the screen from the role.

User Access Security
The User Access Security screen provides the ability to control user access to all screens in the application. A user can assign existing roles to user accounts or define explicit screen permissions. The following is a screen shot of the user “matt” and his user access permissions:

Adding a User Role
To add a role to a user account, the user clicks the New button to the right of the User Roles title in the tree.

This will bring up the popup as seen below:

The user first picks which application to filter the existing roles by, then selects the appropriate role. NOTE: Only roles that have not already been associated with this user account are displayed. Finally, the user clicks the Save button to commit the change; the tree refreshes to reflect it.

Deleting a User Role
The user has the ability to remove roles from user accounts. The user clicks on the Delete button to the right of the role title in the tree.

This brings up the following confirmation dialog:

After the user clicks the Yes button, the user clicks on the Save button to commit removing the role from the user account. The tree will refresh to reflect the removal.

Editing a User Role Screen
The user has the ability to override, for this account only, any screen permission that comes from a role. The user clicks the Edit button to the right of the screen listed under the role in the tree.

This will bring up a popup as seen below:

The user can then change the permissions for the specified screen. NOTE: This action does not change the role itself. The system checks whether the account already has an explicit permission for that screen and opens it; if none exists, it creates a new explicit screen permission for the user account that carries the edited values. Finally, the user clicks the Save button to commit all changes to the database and the tree refreshes.

Adding a Screen User
To assign a screen permission directly to a user account, the user clicks the New button to the right of the Explicit Screen Permissions title.

This will bring up a popup as seen below:

The user first picks which application to filter the screens by, then selects the corresponding screen. NOTE: Only screens that have not already been associated with the current user account are displayed. Finally, the user clicks the Save button to commit the change; the tree refreshes to show the new entry.

Deleting a Screen User
The user has the ability to remove screen permissions from a user account. The user clicks on the Delete button to the right of the screen in the tree.

This brings up the following confirmation dialog:

After the user clicks the Yes button, the user clicks the Save button to commit the change; the tree refreshes to reflect the removal.

Editing a Screen User
The user can modify any existing screen permission on a user account. The user clicks on the Edit button to the right of the screen in the tree.

This will bring up a popup as seen below:

The user can then change the permissions for the specific screen. Finally, the user clicks the Save button to commit the change; the tree refreshes to show the modified permission.

A Note about Roles and Explicit Screen Permissions
A user account may hold a role that grants a screen and, at the same time, an explicit screen permission for that same screen. In that case the explicit screen permission always takes priority over the role when the security model is enforced, which means an explicit entry can restrict access below what the role grants as well as extend it. This is a deliberately simple business rule; you could do more here to resolve conflicts between the screens that come from roles and the explicit permissions.
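The resolution rule above, together with the "remove all screens before deleting a role" rule from the Role Maintenance section, as an added example in C# (the post's sample application is not shown; this is not its code). The permission flags, the RoleScreen and ExplicitScreen classes, the role and screen names, and the user "matt"'s assignments are all assumptions made up for the example; the post's earlier parts define the real tables.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Assumed permission flags; the post never lists which permissions the grid exposes.
[Flags]
public enum ScreenPermission { None = 0, View = 1, Add = 2, Edit = 4, Delete = 8 }

// One row of the Screens grid on the Role Maintenance screen (assumed shape).
public sealed class RoleScreen
{
    public string Role { get; set; }
    public string Screen { get; set; }
    public ScreenPermission Permissions { get; set; }
}

// One row under Explicit Screen Permissions on the User Access Security screen (assumed shape).
public sealed class ExplicitScreen
{
    public string User { get; set; }
    public string Screen { get; set; }
    public ScreenPermission Permissions { get; set; }
}

public static class PermissionResolver
{
    // Effective permission of one user on one screen:
    //   1. an explicit screen permission on the account wins outright, so it can
    //      also grant LESS than the roles do;
    //   2. otherwise the permissions of every role the account holds are unioned;
    //   3. a screen reachable through neither yields None, which the menu builder
    //      and the screen loader must treat as deny.
    public static ScreenPermission Resolve(string user, string screen,
        IEnumerable<string> userRoles,
        IEnumerable<RoleScreen> roleScreens,
        IEnumerable<ExplicitScreen> explicitScreens)
    {
        var explicitMatch = explicitScreens
            .FirstOrDefault(e => e.User == user && e.Screen == screen);
        if (explicitMatch != null)
            return explicitMatch.Permissions;

        var held = new HashSet<string>(userRoles);
        return roleScreens
            .Where(rs => held.Contains(rs.Role) && rs.Screen == screen)
            .Aggregate(ScreenPermission.None, (acc, rs) => acc | rs.Permissions);
    }

    // Business rule from the Role Maintenance screen: a role may only be
    // deleted once every screen has been removed from it.
    public static bool CanDeleteRole(string role, IEnumerable<RoleScreen> roleScreens)
    {
        return !roleScreens.Any(rs => rs.Role == role);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data, not taken from the post's database.
        var roleScreens = new List<RoleScreen>
        {
            new RoleScreen { Role = "Claims Clerk",   Screen = "ClaimEntry",  Permissions = ScreenPermission.View | ScreenPermission.Add },
            new RoleScreen { Role = "Claims Manager", Screen = "ClaimEntry",  Permissions = ScreenPermission.View | ScreenPermission.Edit | ScreenPermission.Delete },
            new RoleScreen { Role = "Claims Manager", Screen = "ClaimReport", Permissions = ScreenPermission.View },
        };
        var explicitScreens = new List<ExplicitScreen>
        {
            // The kind of override "Editing a User Role Screen" creates: matt may only view ClaimEntry.
            new ExplicitScreen { User = "matt", Screen = "ClaimEntry", Permissions = ScreenPermission.View },
        };
        var mattRoles = new[] { "Claims Clerk", "Claims Manager" };

        Console.WriteLine(PermissionResolver.Resolve("matt", "ClaimEntry",  mattRoles, roleScreens, explicitScreens));
        Console.WriteLine(PermissionResolver.Resolve("matt", "ClaimReport", mattRoles, roleScreens, explicitScreens));
        Console.WriteLine(PermissionResolver.Resolve("matt", "UserAccess",  mattRoles, roleScreens, explicitScreens));
        Console.WriteLine(PermissionResolver.CanDeleteRole("Claims Clerk", roleScreens));
        Console.WriteLine(PermissionResolver.CanDeleteRole("Underwriter",  roleScreens));
    }
}
```

The first call resolves to the explicit row alone, even though matt's two roles together would give him View, Add, Edit and Delete on ClaimEntry; the second falls through to the roles; the third finds nothing and denies. CanDeleteRole refuses "Claims Clerk" while ClaimEntry is still attached and allows the unused "Underwriter". Whatever the Silverlight client does with the result, the same resolution should also run in the service layer behind each screen: a permission that is checked only in the UI can be bypassed by calling the service directly.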

Wrap up
This should give you an idea as to how you can build a security infrastructure to provide roles and permissions. In the last post of this series we will see how this affects building the menu and enforcing the explicit permissions.

  1. Christophe
    August 31, 2010 at 9:22 pm

    Hi Matt,
thanks for your posts and I'm looking forward to the next one. You are describing a really good solution.

Any chance you will share some pieces of code (or the complete solution)? There are a lot of aspects in your description, like security, screens, Prism and loading modules on demand / based on role, etc., and this would be a great example and how-to.
    I hope you will 🙂

    Thanks a lot for this great story.
    Christophe

    • September 1, 2010 at 2:48 pm

      Hi Christophe,

      Thanks for your interest. Once I finish this series, I will try and put together a simple example. I am also thinking about posting a video of a working application showing all of the features we have discussed so far.

      Matt

  2. Christophe
    November 3, 2010 at 9:27 am

    Hi Matt,
    Any news on this topic ? 🙂
    Do you plan to share some bit of code ?

    Thanks,
    Christophe

    • November 10, 2010 at 11:07 pm

      Christophe,

      Yes, I do plan on providing a sample application once I am done with the series. It will probably happen over the holidays as I have some time to get it setup.

      Regards,

      Matt

  3. Dhinesh Kumar
    January 18, 2011 at 4:55 am

    Hello Matt

    I am interested to see the sample application that you are developing using Silverlight. Is it possible to share the source code with us so that we will learn few techniques from it?

    Best Regards
    Dhinesh Kumar

  4. December 22, 2011 at 4:57 am

    Hey Matt,

    Great job! Where’s part IV? Thanks!

