• +381641430769
  • This email address is being protected from spambots. You need JavaScript enabled to view it.

Bring Idea into Life
with No Limits

Easily build modern web applications with highly flexible Visual Tools 

Image

Security Administration

 

 

 

In Codeless Platform all of your UI logic resides on the server and is never exposed to attackers. Only one communication servlet is open to the outside world, reducing the attack surface to the absolute minimum. The platform performs form data validation on the server, which cannot be accessed with client-side attacks. 

Application security in Codeless Platform is based on security permissions on a form, view or field level. You can protect the visibility or editability of every field of the form. In the same way, you can protect any action that can be performed on form. For  example you can protect saving the form, generating Excel reports or importing data from a yml file.

Security Permissions are grouped in Security Roles. Each User can have multiple Security Roles assigned. 

Security Permission administration is done inside Form Designer where you simply click to configure what you would like to protect and the way you want to protect it.

 

Grouping of permissions is done in the Security Role form, and adding roles to Users can be done either in User form where you can administer roles for each user separately or in User Login Roles form that is a Checker view where you can administer all User and Roles on one screen.

 

Sensitive form fields like password fields can be protected with encryption algorithms. The default encryption library used for this purpose is BCRYPT. 

Security permission

Security permission is permission defined for the form and it’s action can refer to a Form, View or a Field. 

Security action

Security Action represents concrete action for a particular permission: 

 

   Code

  Description

Form

View

Field

  ADD

Add entity

Check bullet

Check bullet

  UPDATE

Update entity or property

Check bullet

Check bullet

  DELETE

Delete entity or property

Check bullet

Check bullet

  VIEW

View form, view or field

Check bullet

Check bullet

Check bullet

  COPY

Copy entity

Check bullet

  EXPORT

Export collection of entities

Check bullet

  IMPORT

Import collection of entities

Check bullet

  REPORTS

Show reports on form

Check bullet

 

 

Let’s see some examples:

 

 Action

Level

When user does not have permission

 VIEW

Form

Form will not be shown in a application menu

 UPDATE

Form

Button Update on a Form will be disabled

 DELETE

Form

Button Delete on a Form will be disabled

 VIEW

View

View will not be visible

 VIEW

Field

Field will not be visible

 UPDATE

Field

Field will be disabled

 

Note that when we define permission on a Form level it will be applied to this form and all other forms where the form appears as a child. 

Note that when “VIEW” permission is defined for a field, this field will not be visible on Detail, Grid and Gallery view.


Example:

Form “Visit” can exist independently or as a child form of the “Pet” form. If we create “VIEW Visit” permission and a User does not have this permission, then the following will happen: 

  • User will not have “Visit” in an application menu

  • User will not see the “Visits” child on the “Pet” form 

Security Roles

Security permissions are grouped in groups called SecurityRoles.
Each user can have one or more security roles.

 

Creating Security Permissions
 

Security permissions are managed in Form Designer.

When we open Form Designer, and select some form like “Vet”, in the main toolbar we will have a button “Permission”: 


 If we click on this button we will see the following options: 

s 22

 

All actions in the previous image are referred to a Form level. Let’s select “View” and “Delete” actions: 

 


Note
that the color of the “Permission” button is changed to green because we have at least one permission defined for this form.

From the previous image we defined the following permissions:

  • Permission to View “Vet” form

  • Permission to Delete vets on “Vet” form 

Let’s see how this form looks when no permission is defined:

 

 

Note that we have a “Vet” form in the application menu and the “Delete” action is enabled.

As soon as we create permissions described previously, we will have this situation:

 


 Note that we will not have the “Vet” form in the application menu.

 Let's go back and delete permission to view “Vet” form:

 

If we go back and try again, we will see that “Vet” is again in the menu: 

 

 

Note however that the “Delete” option is disabled.

Let’s go back to permission options again and click on “View-level security…”

A new window will open with all views in this form except the “Main” view. The “Main” view is not on the list because you can handle the visibility of the “Main” view on the form level.

 

 

If we select “Main_col_1” this means that this view will not show on this form if a user does not have this permission: 

 


Note that the name and description of a vet are not visible because view “Main_col_1” is protected.

Let’s do the same for the “VetsSpecialties” view as well:

 


 

Note that If the view is protected with “VIEW” permission and it’s in the same time base view for a Tab, Accordion or Responsive, then the panel (tab sheet, accordion panel) will not be shown at all. 

Let’s demonstrate this on the following form:

 

 

Note that on the “First” tab sheet we have the “Visits” view: 

 

 Without permission form looks like this: 

 

If we select “Visits” in permission list for action “View”: 

 

The result will be:  

 

 

Note that the “First” tab is missing.

 

Adding roles
 

Security role form is used to group security permissions. Creating a new role is as simple as specifying name, description and selecting permissions from a list of all permissions.

 

 

When we click the “Add” button on the “Permissions” child form we get a checker window to select permissions: 

 


 

Assigning roles to a User


Assigning security roles to a particular user can be done in the 
User login form:

 


 

Click on the “Roles” button in the toolbar:

  

 

You can “Delete” selected role or “Add” new roles:

 


 

 

Assigning roles to users

   

To administrate all users and roles on a single screen we can use form User login roles: 

 


Start typing the name of a user or click on the Findicon:

 


  

Click on the Updatebutton and then on any checkbox that will associate the user with the security role. When you save the changes all UserLoginRoles will be updated (created or deleted)

 

 

Take the Next Step

Discover Reporting Tool

Please publish modules in offcanvas position.