08-27-2020, 05:14 AM
(08-26-2020, 01:44 PM)remkonoteboom Wrote: A high level description of managing security can be found here:Thank you very much!
http://community.southpawtech.com/docs/s...-security/
This shows what the "access levels" mean. These are high level access levels that provide the minimum level for a certain user without having to write specific rules for each item. It also shows the interfaces for managing and customizing per group various access levels for search_types, sidebar links, etc.
Under the hood:
By default, a user can basically do and see nothing unless they are part of a group which contains access rules. These rules allow access to various parts of the system including querying. If you look at the login_group table in the sthpw database, you will see an access rules column with xml data that looks something like:
<rules>
<rule group="builtin" default="deny"/>
<rule group="builtin" key="view_side_bar" access="allow"/>
<rule group="builtin" key="view_save_my_view" access="allow"/>
<rule group="builtin" key="retire_delete" access="allow"/>
<rule group="builtin" key="edit" access="allow"/>
<rule group="gear_menu" submenu="Edit" label="Delete Selected Items" project="spin_master_demo" access="allow"/>
<rule group="gear_menu" submenu="File" label="Export All ..." project="spin_master_demo" access="allow"/>
</rules>
All security interfaces in the link above edit this xml document and the security engine makes use of these rules. A user can be part of multiple groups and the total rules will be union of all the specified rules in all the groups.
For those programming in Python, you can create your own rules, but that is a blog topic for another day.
It will help a lot.