StrataFrame Security Documentation Send comments on this topic.
Permissions Overview

Glossary Item Box

Purpose: This document provides an overview of permissions and how they are used within the security system.

Permissions Overview

Resources within the application are assigned a permission. This permission is required to access or manipulate that resource within the application. The permission is then granted or denied to specific roles and users to indicate whether the users have the right to access or manipulate that resource.

The permissions available depend on the application and are assigned by the software developer and cannot be created or edited outside of the development environment. Typically, a permission is binary: either you have a particular permission or you don't; however, any permission can be configured to also allow read-only access.

How Permissions are Used

Typically, permissions are divided into one of the following categories:

  1. Form-Level Permission - Access to the form is either granted or denied.
  2. Table-Level Permission
    • Table-Level Add - A user can add a record to a table.
    • Table-Level Edit - A user can edit a record within a table.
    • Table-Level Delete - A user can delete a record via the form.
  3. Field-Level Permission - Access to a field can be specified as either editable, read-only, or denied.

Not all levels of permissions are required to exist for all forms, therefore, it is not necessary or even practical for a permission to exist for every type of event that exists within an application.

For example, for certain maintenance forms within the application, it is only necessary for a single permission to be assigned to deny access to the maintenance form itself; the more granular levels are not required.

On the other hand if a form contains sensitive information that not all users should be allowed to view or edit, the developer can force the security for that part of the application to be more detailed, assigning a separate permission to several different fields within a single table.

The permissions node is exposed at both design-time and run-time; however, at run-time, permissions cannot be modified in any way. Permission cannot be added, edited, or deleted.