In this Lesson
In this lesson you will require users to be authorized to use the solution.
Concepts
To secure a solution you must ensure only authorized users are allowed to access the solution’s scenes.
- Be careful about which scenes, if any, allow public access
- Grant users access to only those scenes which are appropriate for their needs.
Public Access
Everyone can use the solution’s initial scene. Additionally, a solution may specify a group for Public Scene Access. Since the Party Pool solution does need any public scenes we can simply remove the public access group from the solution.
- Open the PartyPool solution
- Remove the group from the Public Scene Access section
- Save the item
Provisioning Users
You will now provision users to the solution.
Admin User
Grant full access to the admin user
- Start Derby and SxServer if they are not running
- Start the server console
- Sign on to the console
Tenant = 0
User = admin
password = admin
- Select User Provisioning
- Search for Jane Doe
- Select Jane Doe and edit the security groups
- Enable the Delete Party and Edit Party groups
- Press the Save button
Edit User
Create a user that can edit parties but cannot delete them
- Select the Create New User link at the bottom of the user list
- Create a user id of editor as shown here here
- Search for all all users with a last name of Doe and select the newly created user
- Set the password to editor (lower case)
- Assign the Edit Party group to the user
Unauthorized User
Create a user with no authorization for the Party Pool
- Select the Create New User link at the bottom of the user list
- Create a user id of outcast as shown here here
- Set the password to outcast (lower case)
Test the ADMIN user
- Start the solution
- Sign on as the ADMIN user
- Search for users
- Select a user
- Both the delete and edit features are available
Test the EDITOR user
- Start the solution
- Sign on as the EDITOR user
- Search for users
- Select a user
- Only the edit feature is available
Test the OUTCAST user
- Start the solution
- Sign on as the OUTCAST user
- The user is denied access to solution’s home scene
In the next lesson you will provide a more appropriate message for users who have no access to the solution.
That concludes this lesson.