Managing Groups
An authorization mechanism in the MasonSQL framework is implemented with groups. Its a concept similar to Unix file system authorization although here there is no file ownership. On the other hand here is more and different types of permissions: Permission for CRUD interface, permissions for database access, permissions for logging, for displaying in a menu, for printing and permission for exporting to XLS.
On this page:
Groups
The
Autorizzazioni->Gruppi page enables management of groups and associations with groups. Groups can be added, modified or deleted from the
public.gruppi
table. Users can be added or removed from the
public.anagrafiche_gruppi
linking table which is displayed on the bottom of the page as a child table:
The
public.gruppi_modifica
linking table contains groups of users that are allowed to be managed by the users from the parent group. It authorizes the parent group members to manage the users of children groups in the
public.anagrafiche
table. The
public.gruppi_modifica
linking table is displayed in the second tab on the bottom of the page as a child table:
Users
The
Autorizzazioni->Anagrafica utenti page provides user management. Users can be added, modified or deleted from the
public.anagrafiche
table.
The groups to which the user belongs are stored in the
public.anagrafiche_gruppi
linking table which is displayed on the bottom of the page as a child table:
Authorizations
The
Autorizzazioni->Funzioni e autorizzazioni page provides authorization management. The functions that are used in a web application GUI, as well as the functions that use CRUD, must be registered in the
public.funzioni
table. The permissions for the functions from the
public.funzioni
table are stored in the
public.gruppi_funzioni
linking table which is displayed at the bottom of the page as a child table:
Help Text
The help text of a function can be edited with the CKEditor in the second tab on the bottom of the page. The help text is stored in the
public.funzioni
table. It is organized in the manual which is available from the
?->Help menu:
A new menu options for the web GUI can be added here in the
Autorizzazioni->Funzioni e autorizzazioni page.
For example let's add the
ListAuth
function to the menu; In this example the
ListAuth
already exists in the
public/autorizzazioni.mql
file:
<%method FUNZIONE>ListAuth</%method>
If we want to add it to the menu we must also add its name to the
public.funzioni
table because only then will its
public.funzioni.nome
permissions be available for validation. While adding the function to the
public.funzioni
table its important to enable its appropriate permissions in the
public.gruppi_funzioni
linking table which is shown at the bottom of the page as a child table.
Note that if we would want to access the function with CRUD interface would have to enable the
Dbms
permission.
Be warned that the ListAuth
enables access to the the public.autorizzazioni
table which is intended to be changed only by programmers.