Omnis user privileges

Rob Mostyn mostyn at platformis.net
Thu Jan 12 12:32:45 UTC 2023 

There are lots of ways to skin this cat Xavier and I’ve created 2 or 3 systems over the decades, but finally rested on this one:

On our GIT repository (https://github.com/PISL/omnis-infra) you can find our infra library which includes a role based security system.  The 5 tables are:
uaUsers
uaPermissions
uaRoles
uaUserRoles
uaRolePermissions

The ua prefix is for the group of "user access" tables.

Users are where you define your users.  You’ll have one of these already I imagine so you could drop the uaUsers table and adapt uaUserRoles to refer to your own table.  Or mirror the contents of current users table within uaUsers (might be easier).

Permissions is where you provide hard coded permissions within your windows/menus/remote forms etc.  Each distinct (hard coded) element in your app that requires security clearance has an matching Permissions record created.

Then there are the Roles.  This is where you define your “sales” role or “salesManager” role, admin, tech support etc.  One record for each.

Then you use the user access windows (found in infra) that allow you to assign Permissions to roles, then Roles to Users.

You can assign any number of roles to a user and any number of permissions to a role.

When user logs in you build a list of Permissions available to the user and store it in memory.  Every time the app wants to use or present an option to the user that requires clearance, you check the users Permissions first.  If set: voila! else hide or disable.

Cheers,
Rob Mostyn

+44 (0)20 3233 0044

As Carl Sagan once said:
One of the great commandments of science is, "Mistrust arguments from authority." ... Too many such arguments have proved too painfully wrong. Authorities must prove their contentions like everybody else.

> On 12 Jan 2023, at 13:05, Mike Matthews - Omnis via omnisdev-en <omnisdev-en at lists.omnis-dev.com> wrote:
> 
> A tricky one here.
> 
> 1 By group of people, or individual users?
> 
> 2 Down to field level, or just window level?
> 
> 3 Generally means a table that links users/groups to parts of your application
> 
> 4 How do you tag parts of the application to be added to the security system for easy maintenance?
> 
> We only implement security to window class level, which then also limits access to menus and context menus.  We did with a security table, and a strict set of naming convention used in window classes.
> 
> Mike Matthews
> 
> Lineal Software Solutions
> Commercial House, The Strand<x-apple-data-detectors://1/1> Barnstaple, Devon, EX31 1EU<x-apple-data-detectors://1/1>
> 
> omnis at lineal.co.uk <mailto:omnis at lineal.co.uk><mailto:mike.matthews at lineal.co.uk>
> 
> www.lineal.co.uk <http://www.lineal.co.uk/><http://www.lineal.co.uk/>
> 
> www.sqlworks.co.uk <http://www.sqlworks.co.uk/><http://www.sqlworks.co/>
> 
> 
> 
> On 12 Jan 2023, at 11:58, IT <it at plastipol.com <mailto:it at plastipol.com><mailto:it at plastipol.com>> wrote:
> 
> Caution: This is a message which has originated from outside the organisation. Ensure the sender is trusted and the content is safe before opening links or attachments.
> 
> 
> 
> Hi all,
> 
> I have not implemented a good way to limit user access to my app because it was based on legacy omnis users privileges (12345678)
> and is very limited and hardcoded in the library.
> 
> Now I want to redo how user are allowed to access to menus and buttons in my Omnis library.
> 
> If anyone wants to share any insight into how they implemented user access, they're welcome.
> 
> Regards
> 
> Xavier
> _____________________________________________________________
> Manage your list subscriptions at https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flists.omnis-dev.com&c=E,1,M8VIJa2Zw6HzJY9P29poEPzmivXumdiI0DuBgWbp-l5beQZWqy9jf6ju8bGth64e0TowZLhFfWz83mcWNz4Z6tm4FrGFn7Qx1qdARXqfzWlCU2w_YJj4bFROjQ,,&typo=1
> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
> 
> _____________________________________________________________
> Manage your list subscriptions at https://lists.omnis-dev.com <https://lists.omnis-dev.com/>
> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com

More information about the omnisdev-en mailing list