
Using roles to authorize user access

Kendo UI Designer enables you to set up user roles to limit user access to modules, views, and Blank view rows and columns. To set up user roles with an OpenEdge backend, you need to have a data provider that is configured with form or basic authentication and a custom Business Entity that returns user roles on a service deployed on a Progress Application Server (PAS for OpenEdge) instance in the backend. You must then define roles at different levels in the app in Kendo UI Designer and write custom code to invoke the custom Business Entity.
When a user attempts to log in at runtime, a method in the Business Entity is invoked. If the user is authenticated, the method returns the user's roles. Kendo UI Builder then uses this role information to determine the user's access rights to modules, views, etc. The mapping of user roles must be defined in the custom Business Entity in the backend.
Defining roles in Kendo UI Designer
You can define roles at four levels of inheritance:
* At the app level: All users that require access to protected parts of the app must have a role defined at the app level.
* At the module level: Must be a subset of roles that are defined at the app level. Only those users that have these roles can access the module.
* At the view level: Must be a subset of roles that are defined at the module level. Only those users that have these roles can access the view.
* For Blank views only, at the row or column level: Must be a subset of roles that are defined for the Blank view. Only those users that have these roles can access the row or column.
Defining roles at the app level
You must define the names of all roles that require access to protected parts of the app as follows:
1. In the app design page, click the gear icon next to the app name and select Roles.
This opens the Authorization Roles dialog box.
2. In the Authorization Roles dialog box, enter the name of a role and click + Add Role. Repeat this step until you have added all the required roles as shown in this example:
3. Click Save.
Defining roles at the module level
The next step is to define authorization at the module level. Only those users that have these roles will have access to the module.
Note: If you do not define any roles at the module level, all authenticated users will have access to its views.
1. Click the gear icon in the module card and select Properties.
This opens the Edit Module dialog box.
2. In the Edit Module dialog box, expand Roles, choose the roles that require access to the module as shown in this example, and click Save. Note that you can choose only from roles that have been defined at the app level.
3. Repeat these steps for each module that requires authorization.
Defining roles at the view level
After you have defined roles at the module level, you can define roles for each view in the module. Roles at the view level must be a subset of the roles that are defined at the module level.
Note: If you do not define specific roles for a view, all roles that are defined for the view's module will have access to the view.
1. Click the gear icon next to the view name and select Edit.
This opens the Edit View dialog box.
2. In the Edit View dialog box, expand Roles, choose the role names that require access to the view, and click Save.
3. Repeat these steps for every view that requires authorization.
Defining roles for Blank view rows and columns
To define roles for a row or a column in a Blank view, select the row or column in the Blank view layout and configure the Authorization > Allowed Roles property. Note that you can choose only from roles that are defined for the Blank view.
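The subset rules and defaults described above can be checked mechanically. The following is an added example, not code from Kendo UI Designer or Progress: the object layout, the names `sampleApp`, `validateRoles`, `canAccess`, and `parts` (rows or columns of a Blank view) are hypothetical, and the subset rule is applied literally, one level at a time.

```javascript
// Added example. The object layout is hypothetical, not Kendo UI Designer's metadata format.
// Constructed sample configuration covering the four levels described above.
const sampleApp = {
  roles: ["admin", "sales", "support"],
  modules: [
    { name: "Orders", roles: ["admin", "sales"], views: [
      { name: "OrderGrid", roles: [] }, // no view roles: module roles apply
      { name: "Refunds", roles: ["admin"], parts: [{ name: "auditRow", roles: ["admin"] }] },
      { name: "Export", roles: ["support"] }, // misconfigured: not a module role
    ] },
    { name: "Help", roles: [], views: [{ name: "Faq", roles: [] }] }, // any authenticated user
  ],
};

// Return one message per role that is not defined one level up (the subset rule).
function validateRoles(app) {
  const errors = [];
  const check = (path, roles, parentRoles) => {
    for (const r of roles || []) {
      if (!parentRoles.includes(r)) errors.push(`${path}: "${r}" is not defined one level up`);
    }
  };
  for (const m of app.modules) {
    check(m.name, m.roles, app.roles);
    for (const v of m.views) {
      check(`${m.name}/${v.name}`, v.roles, m.roles);
      for (const p of v.parts || []) check(`${m.name}/${v.name}/${p.name}`, p.roles, v.roles);
    }
  }
  return errors;
}

// An empty role list adds no restriction beyond the level above it. The page states
// this for modules and views; for rows and columns it is an assumption made here.
const allows = (roles, userRoles) =>
  !roles || roles.length === 0 || roles.some((r) => userRoles.includes(r));

// Decide access for an authenticated user; every level on the path must allow the user.
function canAccess(app, userRoles, moduleName, viewName, partName) {
  const m = app.modules.find((x) => x.name === moduleName);
  const v = m && viewName ? m.views.find((x) => x.name === viewName) : undefined;
  const p = v && partName ? (v.parts || []).find((x) => x.name === partName) : undefined;
  if (!m || (viewName && !v) || (partName && !p)) return false; // unknown target: deny
  return [m, v, p].filter(Boolean).every((level) => allows(level.roles, userRoles));
}
```

Running `validateRoles(sampleApp)` flags the `Export` view, whose `support` role is not a module role; `canAccess` shows that such a view is unreachable for that role because the module level already denies it.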
Writing custom code to obtain user roles from the OpenEdge business entity
The login view in the default Application module has a login event function named onLogin(). You must write custom code in this onLogin() function to invoke the method in the custom Business Entity that returns user roles. A stub for the onLogin() function is defined in the view's controller.public.js file, which you will find in <app_dir>/app/src/modules/application/login.
To learn more about creating an authorization service and to see sample code for the onLogin() function, visit https://community.progress.com/community_groups/openedge_kendo_ui_builder/w/openedgekendouibuilder/2926.kendo-ui-builder-faq#UserRoles.