Search This Blog

Monday, January 29, 2018

XAF Security System enhancements in v17.2.5

After updating your XAF project to 17.2.5, you may notice a new option in the Application Designer:

The new SecurityStrategy.RolesMergingMode property specifies how the Security System determines if a user can perform a specific operation in case this user has multiple roles with different permission sets. The available modes are listed in the RolesMergingMode enumeration.


GrantedInAnyRole mode

By default, a user can execute an operation if it is allowed in any role assigned to this user (the GrantedInAnyRole mode). Each new role assigned to a user expands the set of allowed operations. This mode was the only option in previous versions.

GrantedInAllRoles mode

You can set the RolesMergingMode property to GrantedInAllRoles to make the behavior stricter and allow the user an operation only if it is allowed in all of this user's roles. Each new role assigned to a user reduces the set of allowed operations. This new mode is convenient when you have multiple roles, each prohibiting certain operations and would like to combine them.


9 comments: