|
|
|
Web Resource Access
Configurations
Creating
Access Configurations
See also: Web Resource Files, User Roles, Authorizations and Credentials, Configuring Web Resources
Introduction
Web Resources are files stored in the workspace or on the server, which are directly loaded by the browser and can be included in forms. An Access Configuration for a Web Resource specifies a set of permissions required to access that file, or a containing folder.
Access Configurations
An Access Configuration (shortened to config henceforth) is comprised of a path and some number of permissions required to access that path.
Path
This can be a path to a Web Resource stored in a workspace or an external location. Additionally a path can be specified to a folder, constraining access to all contained Web Resources. If multiple configs could apply to a path, the most specific is chosen; if you have permission to view ‘/secret/santa’ you do not also need permission to view everything in ‘/secret’.
Paths can be absolute, but for locations in the workspace the syntax ‘$ws’ can be used to refer to the root folder of the project, e.g. ‘$ws/Images/image1.png’. It will look in the location of the project that invokes the form, and if the path is not found it will then try the dependency projects in the order specified in Project Properties.
Furthermore, Credential Substitutions can be used to specify configs with dynamic paths by substituting the user’s value for a given credential. Examples are given below with the credential ‘employeeId’:
Full section example: ‘/employees/&&employeeId’
Part section example: ‘/payslips/{&&employeeId}_June’
Permissions
The permissions for a path can be any combination of the three permission types- roles, credentials and authorizations- each of which can have multiple entries. Permission types are associated with a user at sign-on time using a Logon Service. The types are summarised below:
Role- a single
value, for example indicating the user’s job or access level
E.g. Manager, Supervisor,
Auditor
Credential- a credential name and associated value
E.g. employeeID:654321, department:IT
Authorization- a type of authorization, name of specific item, and function to be run
E.g. Customer:AccountId:Create, Account:CustomerName:Change
If an access configuration for a path is defined without any permissions, then the path is made inaccessible to all users.
Creating
Access Configurations
Configs can be created and edited in the Web Resource Access section of the Server Administration Application, see the linked section documentation for full details.