Securing an application using role-based access control
Archived
2 Tasks
20 mins
Scenario
In the Employee Evaluation case, TGB provides an optional, case-wide action to update an employee’s goals. The Human Resources (HR) department requires that HR business partners can run the UpdateGoals action at any time.
Create a privilege and add it to the UpdateGoals flow action. Then, use the Access Manager to add the privilege to HR staff.
Tip: Before testing your changes, remember to check in all rules from your personal ruleset.
The following table provides the credentials you need to complete the challenge.
Role | User name | Password |
---|---|---|
Senior System Architect | SSA@TGB | rules |
HR Business Partner | HRPartner@TGB | rules |
User | User@TGB | rules |
Note: Your practice environment may support the completion of multiple challenges. As a result, the configuration shown in the challenge walkthrough may not match your environment exactly.
Challenge Walkthrough
Detailed Tasks
1 Create and add a privilege to the UpdateGoals flow action
-
Log in to the challenge environment with Operator ID SSA@TGB using password rules.
-
Open the UpdateGoals flow action in the TGB-HRApps-Work-EmployeeEvaluation class.
-
On the Security tab in the Privilege name field, enter UpdateGoals.
- Click the crosshairs icon to create the privilege.
-
On the Create Privilege form, click Create and open to create the UpdateGoals privilege.
-
Click Save to save your changes to the privilege rule form.
-
Save the UpdateGoals flow action.
2 Add and configure the privilege for the roles
-
From the Dev Studio Configure menu, select Org & Security > Access Manager > Privileges to open the Privilege tab for the Access Manager.
-
In the Role field, enter or select HRApps:HR.
- In the Case type field, enter or select TGB-HRApps-Work-EmployeeEvaluation.
-
Click the plus icon to add a privilege.
-
Enter or select the UpdateGoals privilege.
- Keep the default value of Full Access.
- Click OK.
Confirm your work
- Log in to the User Portal with the Operator ID HRPartner@TGB using password rules.
Note: HRPartner@TGB belongs to the HRApps:HR Access group.
- Create a new Employee Evaluation case.
- Click Actions and verify that the Update goals action is available on the menu.
- Log out and log in to the User Portal with the Operator ID User@TGB using the password rules.
Note: User@TGB does not belong to the HRApps:HR Access group.
- Create a new Employee Evaluation case.
- Click Actions and verify that the Update goals action is unavailable on the menu.