Authorization is the process by which access to the various parts of the app, such as pages, services, widgets and other functionality, is restricted to specific app roles. It involves three steps:
- defining the roles,
- assigning these roles to users, and
- setting the access levels for the pages, services and widgets of the app.
Role Configuration can be Basic or Custom. With Basic, an HQL query is generated automatically and shown read-only. With Custom, you can edit the query to suit the needs of the app. NOTE: This section describes database-based role configuration only. For other role providers such as LDAP and AD, refer to the corresponding section of the Authentication document.
- For Basic Role Configuration, set the Role Column to the field of the user table in which the role is stored.
NOTE: If the role column lives in a related table rather than the user table, use a Custom query instead.
- For Custom Role Configuration, Query Type can be set to HQL or SQL. HQL is selected by default and a default query is generated, which you can modify.
NOTE: The username and role can reside in separate tables; write a query that joins them to retrieve the role for the user.
The query parameter LOGGED_IN_USERNAME must be retained exactly as it is: WaveMaker binds the authenticated username to this parameter at login time. Keep it as a bound parameter rather than replacing it with a concatenated value, so the role lookup stays parameterized.
- As an example, if you select Database as the Security Provider, the sample hrdb as the Database, User as the Entity, and Username, Userid and Password as the corresponding columns, a sample query is generated along with a text box in which you can enter a sample username value and test the query.
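The following is an added example, not a query generated by WaveMaker or taken from the hrdb sample: a constructed schema in which roles are kept in a related table (the case the note above says needs a Custom query), with the SQL role query that retrieves them for the logged-in user. The table and column names (app_user, app_role, user_role) are assumptions, as is the `:LOGGED_IN_USERNAME` named-parameter syntax, which follows the Hibernate convention for native SQL queries.

```sql
-- Constructed sample schema: roles live in a related table, not in the
-- user table, so the Basic "Role Column" setting cannot be used.
CREATE TABLE app_user (
    userid   INTEGER PRIMARY KEY,
    username VARCHAR(64)  NOT NULL UNIQUE,
    password VARCHAR(128) NOT NULL      -- a password hash, never plaintext
);

CREATE TABLE app_role (
    roleid INTEGER PRIMARY KEY,
    name   VARCHAR(32) NOT NULL UNIQUE  -- must match the App Roles tab
);

CREATE TABLE user_role (
    userid INTEGER NOT NULL REFERENCES app_user(userid),
    roleid INTEGER NOT NULL REFERENCES app_role(roleid),
    PRIMARY KEY (userid, roleid)
);

-- Constructed sample data (hash values are placeholders).
INSERT INTO app_user (userid, username, password) VALUES
    (1, 'manager', '$2a$10$placeholderhash1'),
    (2, 'clerk',   '$2a$10$placeholderhash2');

INSERT INTO app_role (roleid, name) VALUES
    (1, 'admin'),
    (2, 'user');

INSERT INTO user_role (userid, roleid) VALUES
    (1, 1),   -- manager is admin ...
    (1, 2),   -- ... and user
    (2, 2);   -- clerk is user only

-- Custom (SQL) role query. :LOGGED_IN_USERNAME is bound by the framework
-- to the authenticated username; one row per role the user holds.
-- Do NOT build this string by concatenating the username into it.
SELECT r.name AS role
FROM app_user u
JOIN user_role ur ON ur.userid = u.userid
JOIN app_role  r  ON r.roleid  = ur.roleid
WHERE u.username = :LOGGED_IN_USERNAME;

-- Manual check, the equivalent of typing a sample username into the test
-- box in the Security dialog: substitute a literal only for testing.
SELECT r.name AS role
FROM app_user u
JOIN user_role ur ON ur.userid = u.userid
JOIN app_role  r  ON r.roleid  = ur.roleid
WHERE u.username = 'manager';
```

With the constructed data, the check for 'manager' returns two rows, admin and user, which is exactly the multi-role case that role precedence (below) resolves; the query for 'clerk' returns only user. The role names returned must match the App Roles defined in the App Roles tab, otherwise the user authenticates but is granted no access.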
In the App Roles tab, add the roles you want to use in your application; they must match the role values returned by the Security Provider configured above. Two App Roles, admin and user, are provided out of the box for all providers. They exist for authorization and can be added to or removed to suit your needs.
Using the arrow keys, you can set the role precedence when an application has multiple roles. This matters when a single user holds several roles whose functionality overlaps.
For example, suppose Manager has two roles, admin and user, and the landing page is set to EmployeeDashboard for admin and to EmployeeProfile for user. The landing page of the role with the higher precedence wins: when Manager logs in, EmployeeDashboard is displayed if admin has the higher precedence, and EmployeeProfile is displayed if user does.