Thursday, January 3, 2013

Restrict Access to Actions with “Roles” Property

It is possible to restrict access to actions by a specified list of roles. If the current user is not in the list of roles, the action will not be displayed in the user interface.

For example, the Actions | Export to Spreadsheet option in the Orders controller is available to all registered users by default.

The action 'Export to Spreadsheet' is available in the Orders controller.

Let’s restrict access to this action to only users with roles of “Administrators” or “Sales Manager”.

Start the Project Designer. In the Project Explorer, switch to the Controllers tab and double-click on Orders / Actions /ag5 (ActionBar) – Actions / a3 – ExportRowset node.

Action 'a3' in action group 'ag5' of Orders controller.

Change the Roles property:

Property Value
Roles Administrators, Sales Manager

Press OK to save. On the toolbar, press Browse.

Log in with the standard user account (user / user123%) and navigate to the Orders page. The Export to Spreadsheet action will not longer be available.

The action 'Export to Spreadsheet' is no longer available in the Orders controller.

Log out, and log in again with the administrative account (admin / admin123%). The action will be available.

No comments:

You can find more about Code OnTime Generator, Data Aquarium Framework, and other great products here.


© 2010 Code OnTime LLC. Intelligent code generation software for ASP.NET. Visit us at http://codeontime.com