It is sometimes necessary to restrict access to some users or users with a certain role to certain classes (editing, creating new objects/delete/view the list). To do this, you must configure the powers for users/user roles.
To create a role that will make some adjustments (for example, disabled the ability to remove objects from a list for a particular class), in two ways:
- in the section “Administration\Roles” in приложении;
- Security Console.
The list of users is generated based on the database credentials.
Credentials are configured in the section “Classes” on the form edit role or user. For example, there are 4 classes. One cannot be read, the second for editing, the third is to create a new object, a fourth to remove. The authorization setting is as follows:
the Creation of powers for classes in authentication forms-based
To configure the credentials you should add the user(s) in the section “Administration\Users” in the app (if users are limited and the list is not built based on the database of the authority). Execute one of the following:
- assign the user role with limited полномочиями;
- restrict permissions on the edit form of the user.
the Creation of powers for classes with windows authentication
In order to limit the powers of the users in web application with windows-autentifikatsii follows:
- create role default:
<configuration>
<appSettings>
<add key="DefaultRoles" value=Tester/>
<!--...-->
</appSettings>
<!--...-->
</configuration>
- configure it with полномочия;
- add users to the database system of powers:
protected void Page_Load(object sender, EventArgs e)
{
//...
ApplyTreeViewCookie();
// Executing the method CreateDbUser in the database are added the following objects:
// 1. The user is bound to the domain and role assigned by default.
// 2. Domain user, if he previously absent in the system of authority.
if (AuthenticationAdapter.GetDbUser(Context.User.Identity.Name) == null)
{
AuthenticationAdapter.CreateDbUser(Context.User.Identity.Name);
}
//...
fio.Text = Context.User.Identity.Name;
//...
}