I want to talk about a typical scenario where AuthenticationActiveDirectory and SecurityStrategyComplex/SecurityComplex/SecuritySimple strategies are involved. Currently, when the AuthenticationActiveDirectory.CreateUserAutomatically option is set to True (the default value), a new Windows user opening such an application gets full administrative privileges. While it can be good in certain scenarios, in others it is best to restrict this new user by assigning some limiting access permissions, e.g. to be able to view some records only.
There are several ways to accomplish this task in XAF:
1. You can create a user object manually and assign a custom role to it via the AuthenticationActiveDirectory.CustomCreateUser event. To subscribe to the event, run the Application Designer and focus the AuthenticationActiveDirectory component. Then, in the window, switch to and double click in the property grid.