Securing an application using role-based access control
Archived
2 Tasks
20 mins
Scenario
In the Employee Evaluation case, TGB provides an optional, case-wide action to update an employee’s goals. The Human Resources (HR) department requires that HR business partners can run the UpdateGoals action at any time.
Create a privilege and add it to the UpdateGoals flow action. Then, use the Access Manager to add the privilege to HR staff.
The following table provides the credentials you need to complete the challenge.
Role | User name | Password |
---|---|---|
Senior System Architect | SSA@TGB | rules |
HR Business Partner | HRPartner@TGB | rules |
User | User@TGB | rules |
Challenge Walkthrough
Detailed Tasks
1 Create and add a privilege to the UpdateGoals flow action
- Log in to the challenge environment with Operator ID SSA@TGB using password rules.
- Open the UpdateGoals flow action in the TGB-HRApps-Work-EmployeeEvaluation class.
- On the Security tab in the Privilege name field, enter UpdateGoals.
- Click the crosshairs icon to create the privilege.
- On the Create Privilege form, click Create and open to create the UpdateGoals privilege.
- Click Save to save your changes to the privilege rule form.
- Save the UpdateGoals flow action.
2 Add and configure the privilege for the roles
- From the Dev Studio Configure menu, select Org & Security > Access Manager > Privileges to open the Privilege tab for the Access Manager.
- In the Role field, enter or select HRApps:HR.
- In the Case type field, enter or select TGB-HRApps-Work-EmployeeEvaluation.
- Click the plus icon to add a privilege.
- Enter or select the UpdateGoals privilege.
- Keep the default value of Full Access.
- Click OK.
Confirm your work
- Log in to the User Portal with the Operator ID HRPartner@TGB using password rules.
Note: HRPartner@TGB belongs to the HRApps:HR Access group.
- Create a new Employee Evaluation case.
- Click Actions and verify that the Update goals action is available on the menu.
- Log out, then log in to the User Portal with the Operator ID User@TGB using password rules.
Note: User@TGB does not belong to the HRApps:HR Access group.
- Create a new Employee Evaluation case.
- Click Actions and verify that the Update goals action is unavailable on the menu.