Estimated duration: 1 hour
Introduction
In these exercises you will learn how to use and modify rights profiles. Rights profiles can be used to restrict access to part of the application for one or more groups of employees.
What you are about to learn
- How to create rights profiles
- What is possible to do with rights profiles
- What the difference is between GUI and
- Database settings.
Prerequisites
- A personal training environment.
Contact your Novulo consultant if you do not have access to a personal training application for exercises yet. Most exercises only work in combination with a selected set of training data and not in any application.
1. Create and use a new rights profile.
If you get stuck, read the following posts:
A) Create a new rights profile called “Test profile”
B) Ensure that all rights are set
Hint: use the copy functionality
C) Create a new user
D) Give your newly created user the newly created rights profile
E) Log in as this new user.
Tip: By using a private browser window, you can keep both open at the same time.
Learning: This is a good way to check your rights profile changes. Please use the newly created user this for checking all upcoming exercises.
Tip: Use a private browser window, or different browser, to keep track both users logged in at the same time. The reason for this is that your login is shared as a session between tabs. So the only way to login is as a new user is to logout, or use the above tip.
Solutions
2. Modify a rights profile and restrict access on GUI level.
A) Modify the “Test profile” from exercise 1 and restrict access to “My instructions”
Hint: ‘My instructions’ can be found under Management.
B) Log in to the user profile which has the “Test profile” assigned, and see that My instructions is no longer visible as a tile or under all apps.
Hint: If either is still visible make sure the entire subtree has no rights.
Solutions
3.Modify a rights profile and restrict access on database level
A) Modify the “Test profile” from exercise 1 and prevent the user from seeing and editing the “contact" field on a “user” page on database level
B) Prevent the user from editing the “active” field of a “user” page on database level.
Verification to see if a and b are done correctly:
- Log in to the user profile with the “Test profile” rights profile, and open a user.
- See that the active checkbox cannot be modified anymore.
- Also see that the contact is no longer visible, similar to hiding the GUI element.
- Understand the difference between restricting access on GUI or database level.
Hint: Database level restrictions are stricter and more powerful. Which also means they can introduce issues where a process might need a field that is unavailable due to rights profiles.
Solutions
4. Modify rights profile with conditional access
A) Give the password field of a user a conditional editability, so that each user can only change their own password.
