Configuring Security with the Authorization Policy Control
All components, which are securable, work with the same authorization policy control. Knowing how to use this control is key to successfully setup security.
Luckily this process is pretty straightforward. When the authorization policy control is initially loaded, it will not have anything defined.
Anonymous Access
Note
By default an anonymous user is not authorized to access any securable component in the Ometa Framework.
To allow anonymous access to a component, you need to enable the checkbox Allow Anonymous Access.
When anonymous access is enabled, a request, without identity information, will not be challenged for authentication.
Action When Unauthorized
When configuring certain securable components which can have an impact on visualization, an extra option called Action When Unauthorized is shown in the Authorization Policy Control.
Choose what the visual component should do when the requester is unauthorized to that component.
| Configured Option | Description |
|---|---|
| None | The user will still see the component when unauthorized, but upon invoking its action, he will get an error stating that he's not allowed to do that. |
| Hide | The user will not be able to see the component when unauthorized. |
| Disable | The user will see a disabled component when unauthorized and will not be able to invoke its action. |
Using a Condition Set from Master Data
If you already have a master data condition set which you want to use, simply tick the checkbox Use condition set from master data and choose the one you'd like to use.
Promoting a Condition Set to Master Data
Once you configured conditions from which you think you are going to need at other places, it is wise to promote them to master data. To do this, simply click on the Promote to Master Data button, give it a name and you're good to go. You're now able to use this new condition set at other securable places.
