This video explains the basic Role settings and how to add one to the Exago configuration.
<< Storage Management Permissioning and Setup Previous Video
Next Video Integration Example >>
Roles are created to specify how a user or group of users interface with Exago. Roles can restrict access to folders or data objects as well as overriding General settings such as feature accessibility and culture settings. They can even provide tenancy to data objects.
Roles can be created using the Admin Console or via one of our APIs. A configuration can have as many unique Roles as necessary, but only one Role can be activated per Exago session.
The first step is to open the Exago Admin Console. To open the Admin Console, we’ll use the server/IP, slash Web App Virtual Path, slash admin.aspx to build our URL. In our environment, that looks like this. To add a new Role, right-click on Roles and then click Add. There are five sections to control access: Main, General, Folders, Objects and Filters.
Main Settings control the broad properties of the Role. Each Role needs an ID, or a name. Then, we can control folder and object access in the Main Settings via the rest of these checkboxes. We will review these checkboxes in the Folders and Objects Settings coming later.
The General Settings override a subset of the global General Settings for the session with an active Role. There are a number of settings that can be adjusted, such as report designer permissions, cultural settings such as date time or currency formatting or geographic offset such as a time zone.
The Folders panel lists what folders and their contents are available to the end user. If the Include All Folders checkbox from the Main tab is checked, then all folders except the ones listed here are available. If the checkbox is not checked, then the list works the opposite way—only those folders that appear in this list will be available for the user session. The Read Only checkbox works in the same way with the corresponding All Folders Read Only checkbox in the Main Settings. If checked, any folders displayed to the end user will be read only, or more appropriately, execute only. If All Folders Read Only in the Main Settings is unchecked, checking an individual folder’s Read Only checkbox will make only that folder read or execute only. Checking Allow Folder Management allows users to create root and sub folders as well as rename and delete folders that are not read only in the user interface. If unchecked, users are blocked from doing this and the Add Folder links and menu items are hidden from the user interface.
Finally, the Filters panel is used to provide row tenancy. Filters here will be added to Data Objects so that users can only view filtered rows in the Data Object. Choose a Data Object from the first dropdown, then enter a SQL filter string to be appended to each query that utilizes that Data Object. This filter string can include Exago system parameter such as userId or companyId or even sub-queries. The filter string must contain the actual name of the objects in the Data Source rather than their Exago aliases. Each Data Object can have one filter configuration and every Data Object that is required to be filtered must have a unique row in this panel.
Roles work in conjunction with the permissions available with Storage Management. A Role can be more restrictive than the Storage Management permission, but never less. For example, including a folder in this list will not make it appear if the Storage Management systems hides it from the user. If a folder is not marked execute only in the Role, but is marked read only via Storage Management settings, the folder and all of its contents will be execute only for the user. To test out a Role, open the General Main settings and then set an Active Role. In practice, Roles are typically activated via the API at runtime.
Congratulations! You’ve successfully added, configured and tested a Role in the Exago base configuration!