Configuring Roles & Privileges
Roles: Defining User Profiles
Understanding Roles
Roles are essential in defining distinct user profiles within Qodly. Each role corresponds to a specific set of privileges, and access levels (Permissions).
Role Hierarchy
Roles can be structured hierarchically, allowing for an organized and layered access control system. In Qodly, higher-level roles can inherit the privileges of lower-level roles, creating an efficient method of managing user access. This hierarchy enhances the granularity of access management and facilitates a streamlined approach.
Detailed Permission Review for Roles
When a role is selected in the Roles & Privileges
editor, a detailed permission review is displayed to provide insight into the final permissions resolution for that specific role. This feature helps developers fine-tune privileges more effectively by showing the impact of privilege configurations.
-
Comprehensive Permission Listing: Lists all application code assets, including: Dataclasses, Attributes, Functions, Singletons and Singleton functions.
-
Organized and Alphabetical Grouping: Listed assets are grouped and sorted alphabetically as follows:
- Datastore (ds)
- Datastore Functions
- Dataclasses
- Attributes
- Dataclass Functions
- Entity Functions
- Entity Selection Functions
- Singletons
- Singleton Functions
-
Permission Columns: For each asset, the following columns display resolved permissions: Read, Create, Update, Delete, Describe and Execute.
A grey tick indicates that the permission is granted.
If the access is granted through promoted privileges, an info indicator is provided.
An empty checkbox indicates that the permission is not granted.
Displaying permissions explicitly helps identify the consequences of modifications in privileges, such as:
- Adding permissions to a privilege included in a role.
- Removing permissions from a privilege that is not included in any role.
- Promoting a function execution in a privilege will apply the promotion universally, regardless of roles.
Adding Roles
To add a role:
- Open the
Explorer
Panel. - Navigate to the
Roles and Privileges
section. - Click on the
Roles
tab to access role management. - To create a new role, click on the
+
button next to Roles.
In a back-office travel agency solution, you might create roles such as:
Roles | Description |
---|---|
Agent | Reserves and customizes travel packages for clients. |
Content Manager | Manages website content, including creating and updating travel packages. |
Sales Manager | Manages customer bookings, views sales reports, and generates invoices. |
Privileges: Enabling Controlled Access
Understanding Privileges
Privileges define the specific permissions that users of different roles can perform. By assigning privileges to roles, you determine the extent of a user's access to data and functionalities.
Adding Privileges
To add a privilege:
- Open the
Explorer
Panel. - Navigate to the
Roles and Privileges
section. - Click on the
Privileges
tab to access privileges management. - Click on the
+
button to create a new privilege.
In a back-office travel agency solution, you might create privileges such as:
Privileges | Description |
---|---|
ManageReports | Access to sales reports and statistical data. |
ManageBookings | Manage customer bookings, verify reservations, and generate invoices. |
ManageContent | Access and manage the travel agency's online content. |
Interplay Between Roles and Privileges
Achieving the optimal synchronization of roles and privileges ensures seamless task execution for users while maintaining robust data security.
To assign one or multiple privileges to a role:
- Navigate to the
Roles
tab within theRoles and Privileges
section. - Select the desired role (e.g.,
Sales Manager
). - Locate the privileges section on the top.
- In this section, you'll find a comprehensive list of available privileges.
- To assign a privilege, click the
+
icon. - To remove a privilege, simply click the
-
icon.
For instance, a Sales Manager
role might possess privileges like ManageBookings
and ViewReports
, granting them the ability to analyze booking trends and monitor revenue for informed decision-making. Similarly, a Content Manager
role could receive the privilege ManageContent
.
Assigning Roles
Through the Qodly Management Console of your application, you can assign roles to users across various environments—development
, staging
, or production
—each with its own configuration.
Roles configured in the development environment may differ from those in production. It's essential to manage roles appropriately in each environment to ensure consistent access control.
To assign a role to a user in the development
environment:
- Go to the
Teams
tab to see a list of available users, each linked to their respective roles. - Click the
Add User
button in the upper-right corner to add a new user. - Complete the form that appears with the necessary user data.
- Find a dropdown menu labeled
Profile
towards the end of the form, displaying roles added from Qodly Studio under theRoles and Privileges
section. - Select and assign the appropriate role to the new user from the list, providing specific privileges associated with that role.
Retrieving Current Session Information
You can retrieve user information in the current session using the cs.Qodly.Users
class. This allows you to access essential user details, such as their email, role, first name, and last name.
Here's how you can retrieve and store user data for session-wide access:
exposed Function loadSessionUserInfo()
var userCS : cs.Qodly.Users
userCS = cs.Qodly.Users.new()
use(session.storage)
session.storage.currentUser = userCS.getCurrentUser()
end
For more detailed information, refer to the Sessions and Users sections.
Roles and privileges JSON Representation
In Qodly Studio, roles and privileges have a JSON representation that can be useful for troubleshooting or copying selected parts.
This representation can be accessed through a text editor by selecting the Roles and privileges
in the Explorer
and choosing Open With
a Text Editor
.
This allows you to view, copy, or edit the JSON representation.
Exercise caution when editing the JSON representation. The syntax checker does not validate whether attribute names match the expected ones or if there are issues with attribute names. Always ensure you have a backup before making changes.