Sooooo...my code above works, just not for those lively admins.  The response will always be true for them.  Got it.  I'll see if I can test this elsewhere to determine accessibility.

Thanks!
Bill

If I understand you, you are logged in as a user that is a SF administrator (either the admin user setup in the initialize method in AppMain or a user who is marked as an administrator) and that user doesn't have some desired permission, yet is always passing this test?



This is correct. Users with SF admin status are automatically granted access to all permissions. The permission isn't even checked if they are an admin, it just returns true.



Sounds like a nice request (IsInRole), but I wonder about complications, such as what if the user has Deny on that role, vs. Grant? You might be better off to just check if the user is an admin:

All I want to do is simply make something invisible...a navigation group on a DevExpress Navigation Bar Control.  Here is my attempt after setting up roles and permissions, then DDT to deploy:

if (SecurityBasics.CurrentUser.GetPermission("SystemMaintenance").Action == PermissionAction.Grant)
{
    AdminNavBarGroup.Visible = true;
}
else
{
    AdminNavBarGroup.Visible = false;
}

I have a role called "Administration".  A permission key was created for a category called Administration (not technically related).  The key is use above and it is called "SystemMaintenance".  The key is given grant rights for the "Administration" role.  I removed myself from that role to test.  The only thing that may be gumming up the works is the fact that my profile is marked as an administrator.  Does the administrator bypass any and all permission sets?

What would be nice is SecurityBasics.CurrentUser.IsInRole("Administration").  It would simply return a boolean value.  It look like I have to create a dictionary list then walk the list to see if the user is in the role or not.  Is that right?

Thanks for your help,
Bill