BuyLog In
Ticket Q369671
Visible to All Users
Duplicate

We have closed this ticket because another page addresses its subject:

Security.MemberLevel - Allow to configure access to members by criteria

Member and Object Permission with new Security strategy

created 13 years ago

Good day
please can you help me with the following question regarding member and object permissions in the new security strategy I have the following hypothetical example.

  1. I am using security strategy complex with users and roles.
  2. I have a role called franchisee.
  3. I have an object called object1 with two properties description and price.
  4. The franchisee role only has navigate access setup on this object and nothing else is ticked.
  5. Under the member permissions for this object there is nothing ticked.
  6. Under the object permimssion I have created a permission with the criteria of 'description like '%fred%' and read and write access on this permission,
    Everything works as expected and I can only navigate and cannot view objects that do not fit the criteria and I can read and write objects that do.
    My question is how do I set up the permission so that I do not want this role to be able to update the price property? If I select read only (tick read and untick write) on the member permission of the price property, it then displays all prices for all objects in the listview (but restricts viewing of description) and ignores the object permission, which I dont want.
    How do I get around this? I am not using the middle tier application server at present,
    Can you help?
    Thanks in advance
    Chris
Comments (3)
Dennis Garavsky (DevExpress) 13 years ago

    Hello Chris,
    Thank you for your interest in our new features.
    At present, it is not possible to mix permissions on certain object instances with permissions on members of these objects. First, permissions have greater power here. However, it is still achievable and we would like to work on this in the future:
    Security.MemberLevel - Allow to configure access to members by criteria
    In the meantime, you can configure a Conditional Appearance rule to prevent updating unwanted fields. Please let me know if this helps.
    Thanks,
    Dennis

    CP CP
    c Pitt 13 years ago

      thanks for your feedback Dennis. Yes I think the new security strategy is a big step forward and it can become quite complicated in describing what you want to achieve and to cater for each situation, but I am glad you will look at it in the future as I think it makes sense to be able to apply both permissions to an object at the same time. Personally I would say that the object permission has the overriding permission in that you are limiting the access to the object from an object level, then if you have access to the object you can then limit the access to the members of the object and not the other way around.
      Chris

      Dennis Garavsky (DevExpress) 13 years ago

        Hi Chris,
        Thank you for sharing your thoughts with us. We will take them into account when prioritizing our features. I have also added your feedback to the discussed suggestion.
        Thanks,
        Dennis

        Sign in to comment on this post

        Disclaimer: The information provided on DevExpress.com and affiliated web properties (including the DevExpress Support Center) is provided "as is" without warranty of any kind. Developer Express Inc disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

        Confidential Information: Developer Express Inc does not wish to receive, will not act to procure, nor will it solicit, confidential or proprietary materials and information from you through the DevExpress Support Center or its web properties. Any and all materials or information divulged during chats, email communications, online discussions, Support Center tickets, or made available to Developer Express Inc in any manner will be deemed NOT to be confidential by Developer Express Inc. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.