SEARCH
RSS Feed
Knowledgebase : Visual Guard > Manage Permissions > Managing Roles
Assigning permissions to roles, and roles to users or groups
We need the ability to define roles and assign authorization permissions to these roles. We need to be able to assign roles to groups and/or individuals. You can create/read/update/delete roles with the VG WinConsole and/or the VG WebConsole, or creating your own role management system using VG API. In the VG WinConsole and the VG WebConsole, you have the possibility to grant permission sets to roles. You also have the possibility to grant a role to a user or to a group. If you grant a role to a g...
We do not want the users to have to select their role.
We do not want the users to have to select their role. Based on what is written above, this seems possible, but it does not describe how. How can I make the permissions cumulative? And what happens if there is a conflict between two roles assigned to the same user (Role clerk can't see the SSN field, but role manager can)? Does the restriction of a field override access or vice versa? Or does this work some other way? By default if you do not enable the user to select one of his roles, the permissions...
Can a role be automatically given when a new user is created
In case of a username/password account created by an end-user, can VG grant automatically a given role to this user (auto-provisioning)? Visual Guard offers the possibility to define a "default role" for each application (auto-provisioning). This role is automatically granted to new user accounts. You can set up this option when you declare a new application in the console. The application creation wizard includes a step where you are able to activate the « default role » option. You can set up this o...
Do roles of WindowsPrincipal add to roles from VGPrincipal
Are the roles for the WindowsPrincipal for a user added to the roles in the constructed VGPrincipal when you call Load? Here's a scenario: Suppose Alice at the xxx company, xxx\Alice, logs in. She is a member of a Windows Group named xxx\CRM-ApplicationUser. I have set up a Visual Guard user called VG-CRM-ApplicationUser that is given a VG role called VG-CRM-ApplicationUserRole, I've associated the Windows Group xxx\CRM-ApplicationUser with VG-CRM-ApplicationUser. If xxx\Alice logs in to an applic...
How to give full access to a user in case of emergency?
We develop an application for health institutions. And we have doctors and nurses using the application. Normally, they only have access to patients in their department. Then some emergency appears and they may need access to patients they normally not have access to. We would like to create a "blue light button" where they gain access to everything if they provide some reason to invoke this function. And the logging level is of course raised in these situations. Is this possible through Visual Guard? ...
How to grant a role to a Windows Group?
How to grant a role to a Windows Group? * Create a Windows Group for each application's role * Declare Windows Groups in the VG repository * Grant a single role to each Windows Group * Bottom line, you manage a 1-to-1 relationship between Windows Groups and VG Role and you do not manage a long list of user accounts Please note that the property "VGSecurityManager.IncludeWindowsGroups" should be true (you define this property when you generate VG configuration files) If so, when a user logs in to the ...
Administration of shared roles
As for the shared roles, can the administrator have access to them to change or administrate them? Yes he can. He can manage the shared roles from the console. If you do not want to use the console, Visual Guard provides an API that enables to manage users and roles and to assign roles to users. Therefore a user's management feature can be integrated to the application. Visual Guard
One User / several roles?
1RST QUESTION: Is it possible to have one user with different roles according the applications he is accessing ? A user may have different roles. You can define which role a user will be allowed to use in application 1 or application 2. Visual Guard .Net allows you to define specific roles for each application. The user may access application 1 with role x and then access application 2 with role y with the same log in. Visual Guard .Net offers also the possibility to : - Create shared roles (availabl...
Define a home page according to the role
Is it possible to define the first page a user will access to according to its role? For example, a user with an Account department role would be directed to a financial result page, whereas a user with a sales person role would be directed to a page with the products. There are different ways to achieve this result: - Visual Guard .Net is compatible with the LoginViews (for ASP.Net applications). You can define a LoginView in your welcome page. It would display a view adapted to the user's role. - ...
How do you manage roles with Visual Guard ?
Visual Guard is very flexible regarding Role management: * For example, you can create roles including some Visual Guard access control management rights. In this case, you will select the Visual Guard security permissions that allow performing exactly the operations you need to Auditors, Directors, etc... For instance CanReadUsers, CanCreateGroups, CanGrantRoles, etc... * Of course, you can also create roles including application-level permissions Once Roles are defined, you can grant them to: ...
Help Desk by Novalys