Authorization module - A Role-Based User
This module provides a working implementation of a role-based
user permission system.
This module can be added to any Tersus application to control the
access and usage of specific parts of the application by users in any
Basically, a user may use a restricted part of the application
if he/she is assigned a role that is associated with an appropriate
More formally, a user is eligible to access specific application
functionality (e.g. seeing a view or pressing a button), when
the following conditions are met:
For example, the module itself employs this mechanism to limit
access to the Users and Roles views to users who have been granted
the View Users and View Roles permissions respectively. (It also
creates a default user with said permissions, so that the views will
be accessible - see Module Implementation.)
The Tersus Server has built-in
infrastructure which implements this type of authorization system based
on data found in specific database tables (discussed below).
The module contains 4 Database Records:
User - Stores User IDs and matching Passwords for all users of the
application (mapped to the Users table in the database).
Role - Stores the Roles defined for the application (mapped to the
Roles table in the database).
User_Role - Stores the assignments of Roles to User IDs (mapped to
the User_Roles table in the database, a join-table implementing the
many-to-many relationship between Users
Role_Permissions - Stores the assignments of Permissions to Roles
(mapped to the Role_Permissions table in the database, a join-table
implementing the many-to-many relationship between Roles
The 4 database tables specified above are used by the security
infrastructure built into the Tersus Server. They should not be
renamed, and their fields should not be removed or changed. However,
additional fields may be added if required for specific application
functionality.
The module provides 2 Views for
managing the user permission system:
Users - This view is used to manage users and assign
them with roles. The view is itself controlled by the user permission
system - the requiredPermission property of
the Users view is set
to View Users - users who need
access to this view, typically the system administrator, must have this
Roles - This view is used to manage roles
and assign them with permissions. The requiredPermission
property of the Roles view is
set to View Roles -
users who need access to this view must have this permission assigned.
The module also includes the Initialize
service process. Its purpose is to bootstrap the user permission system
(therefore, it is not exposed to the users).
The Initialize process is executed each
time the application is started within the Tersus Server,
and includes the following sub-processes:
Security Note: When deploying the application, the system
administrator should create other users and delete
the default Super user.
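The following is an added example, not part of the Tersus module or its documentation. It models the four tables in SQLite to show how a permission resolves through User_Roles and Role_Permissions, and how a deployment review can check the Security Note above. The column names, the "Super" User ID and all sample rows are assumptions constructed for illustration; the page names the tables but not their fields.

```python
import sqlite3

# Assumed minimal columns; the page names the tables but not their fields.
SCHEMA = """
CREATE TABLE Users (User_ID TEXT PRIMARY KEY, Password TEXT);
CREATE TABLE Roles (Role TEXT PRIMARY KEY);
CREATE TABLE User_Roles (User_ID TEXT, Role TEXT);
CREATE TABLE Role_Permissions (Role TEXT, Permission TEXT);
"""

def has_permission(db, user_id, permission):
    """True if any role assigned to the user carries the permission."""
    row = db.execute(
        """SELECT 1 FROM User_Roles ur
           JOIN Role_Permissions rp ON rp.Role = ur.Role
           WHERE ur.User_ID = ? AND rp.Permission = ? LIMIT 1""",
        (user_id, permission)).fetchone()
    return row is not None

def audit(db, default_user="Super", sensitive=("View Users", "View Roles")):
    """Deployment review: default account, holders of admin views, orphans."""
    findings = []
    if db.execute("SELECT 1 FROM Users WHERE User_ID = ?", (default_user,)).fetchone():
        findings.append(f"default user {default_user!r} still exists")
    for perm in sensitive:
        holders = [r[0] for r in db.execute(
            """SELECT DISTINCT ur.User_ID FROM User_Roles ur
               JOIN Role_Permissions rp ON rp.Role = ur.Role
               WHERE rp.Permission = ? ORDER BY ur.User_ID""", (perm,))]
        findings.append(f"{perm}: {', '.join(holders) or 'nobody'}")
    # In this model, rows left for a deleted user apply again if that User ID is re-created.
    for (uid,) in db.execute(
            """SELECT DISTINCT User_ID FROM User_Roles
               WHERE User_ID NOT IN (SELECT User_ID FROM Users) ORDER BY User_ID"""):
        findings.append(f"orphaned role assignment for {uid!r}")
    return findings

def sample_db():
    """Constructed sample data, not taken from a real Tersus application."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [("Super", "x"), ("alice", "x"), ("bob", "x")])
    db.executemany("INSERT INTO Roles VALUES (?)", [("Admin",), ("Clerk",)])
    db.executemany("INSERT INTO User_Roles VALUES (?, ?)",
                   [("Super", "Admin"), ("alice", "Admin"), ("bob", "Clerk"), ("carol", "Admin")])
    db.executemany("INSERT INTO Role_Permissions VALUES (?, ?)",
                   [("Admin", "View Users"), ("Admin", "View Roles"), ("Clerk", "View Orders")])
    return db
if __name__ == "__main__":
    print(*audit(sample_db()), sep="\n")
```

In this model, deleting only the Users row for the default account leaves its User_Roles rows behind, which the audit then reports as orphaned.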
To use this module, select it from the Palette and drop it
into the Root Model.
This will add a new system (with the default name Authorization),
which in turn will appear as an additional perspective in the browser.
In order to view the changes to your application in the
browser, you should do the following:
The security infrastructure is discussed in the Check
Permissions and Get
All Permissions template documentation.
For best results, use the Firefox browser.