1. WaveMaker Visual AJAX Studio 4.0 Training Role Based Access Control

2. 2 What is Role Based Access Control ● Referred to as RBAC (R-BACK) ● Only available in the commercial addition of WM ● The ability to control application at run-time based on a users Role without writing and maintaining a bunch of “if…then” statements. ● Example: –Jill is a manager: He has the right to view Salary information –Joe is a employee: He can not view Salary information

3. 3 What is Role Based Access Control ● RBAC allows you to –Allows you to control at the widget level the visibility of content on a page ● RBAC does not –Allow to control who can execute which services –Allow to control whether a piece of data is read-only or editable

4. 4 Using Role Based Access Control ● Once security is enabled RBAC is available –Define Roles –Can be manually added or imported –Each widget now has a security property –Put a check next to each role which is allowed to view a widget –For container widgets which contain other widget’s –if the container is not visible then nor are any of it’s children –If a container is visible you can 0:M of it’s children can be hidden.

5. 5 Defining Roles ● Roles are defined manually –Whether you are using Database authentication, LDAP or the Demo system –The roles to be used by the application must be manually entered under Role Configuration

6. 6 Determining a User’s Role ● User roles are determine at Login –Database Roles –Can be stored in the same table as usernames/passwords –Can be fetched using a database query. This is useful if they are stored in separate table

7. 7 Determining a User’s Role ● User roles are determine at Login –LDAP –Must define the LDAP groups to be searched –Work with your Directory Admin

8. 8 Applying RBAC to widgets ● Select Widget on Canvas ● In the Properties Tree, click Security ● Select which users can view this Widget ● By default, Everyone has access ● It is that easy!!!

9. 9 Questions?

10. 10 Exercise 11 ● Enable security ● Add security to Widgets