Support > Repository > Authentication/Authorization > Control by model
ja | en

Explain how to manipulate data only for users with specific authority.

In this example, we will set up the "product" model.

Open the "Function Privileges" tab in the "Privileges" tab.The operation authority for this model is set. In the standard, there is a principal "general user" with basic authority.(Figure 1)

Figure 1 Function authority

Prepare a new principal.(FIGS. 2 and 3)

Figure 2 Adding a principal
Figure 3 Input field for new principal

Restrict principal "general user" to search system only.(I will remove the other authorities.)
Prepare a new principal "product manager" (English name productmgr).Set the privileges excluded by general users.

Figure 4 Setting up product administrator principals

After setting, build, run the application.

A principal must have at least one valid permission.A principal for which permissions have not been set (none is selected) will not be created.

Post-build steps

When using an external database, "What to do when adding a principalPlease import data as described in.

The following tests can not be tried with the trial kit.This is to add account processing.Please use development kit.

First, log on as a system administrator.Select "Account list display" from the management processing menu.(FIG. 5)

Fig. 5 Account list display

Register new account.

Fig. 6 Account new registration screen

Create an account "user" (general user).
Select "Common processing" "Change password" "General user" for the principal.

Figure 7 Creating account user

Create another account "manager" (master data administrator).
"Common processing" "Change password" "General user" to the principal"Product manager"Choose.

You can select multiple principals.At this time we have the role of "general user" and "product manager".
Figure 8 Creating account manager

After creating these two test accounts, log off the system administrator.

Log on as master data administrator. Select "Product Search" from the menu.The registration button is displayed.(Figure 9)

Figure 9 To the product registration screen

On the details screen after registering product data, you can see that operations such as registration, update and deletion can be performed.(FIG. 10)

Figure 10 Processing button related to update is displayed

Log off and then log on as a general user.
Select "Product Search" from the menu.The registration button is not displayed.(FIG. 11)

Figure 11 Item search screen

This account can only search and display.(FIG. 12)

Figure 12 Action buttons related to update are not displayed
All screen transition buttons are displayed and controlled by authority management.For example, for users who do not have update authority, the "update" button is not displayed.
Please do not use system administrator in the operation test of authority management.(The system administrator is set to have all authority.)

We introduced the control method of update authority here, but you can combine permissions according to the purpose.For example, you can create a principal that does not allow "delete" or a principal dedicated to "CSV download/upload update" processing.