Security permission calculation is a complex process, and it is sometimes difficult to diagnose why access to a certain object and its members is allowed or denied. This is more common for application administrators or regular XAF developers, who may not want to study documentation guides or may not be able to debug the XAF source code as described in "How can I debug DevExpress .NET source code using PDB files" or using other approaches. So, in addition to documenting security rules, we are researching the usefulness of a tool that shows in the UI how effective permissions are calculated for each user, very similar to our Diagnostic Action. This may be helpful even to us, reducing the time spent on diagnosing related client problems.
We created the 'Security Diagnostic' action that shows calculation results in the UI:
The Security Diagnostic Tool shows detailed information about request parameters (the RequestInfo element), the Security System settings (the SecurityInfo element), permission processing results and criteria for each role.
As you can see, there is one "Demo" role, which does not grant "Write" access to the "Property1" property.
1. Ensure that you have XAF v17.2.6+ installed, open an application project's configuration file (App.config in WinForms and Web.config in ASP.NET) and locate the appSettings section's EnableDiagnosticActions key.
2. Set the EnableDiagnosticActions key's value to True:
<add key="EnableDiagnosticActions" value="True" />
This will add the Diagnostic Info Action to the Application Model and the Action will be added to the UI.
3. Run your project, log in as the required user, open the required object's DetailView, click the Security Diagnostic item of the Tools | Diagnostic(Child Window) action, and choose an operation and a member name.
The 'Security Diagnostic' action doesn't work with Middle Tier security mode.
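An added example (not DevExpress code): a Python check that reports which App.config / Web.config files under a directory still have EnableDiagnosticActions set to True, for instance as a check before a deployment. The function names, the constructed sample XML, and the case-insensitive handling of the key and its value are assumptions of this example.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

KEY = "enablediagnosticactions"  # key from step 1, lowercased for comparison

def diagnostic_actions_enabled(config_xml):
    """True if <appSettings> leaves EnableDiagnosticActions switched on."""
    enabled = False
    for section in ET.fromstring(config_xml).iter("appSettings"):
        for el in section:
            if el.tag == "clear":
                enabled = False
            elif el.get("key", "").lower() != KEY:  # assumption: key casing ignored
                continue
            elif el.tag == "add":
                # Assumption: the value is read as a boolean, in any casing.
                enabled = el.get("value", "").strip().lower() == "true"
            elif el.tag == "remove":
                enabled = False
    return enabled

def scan(root_dir):
    """Return (enabled, unparsed) lists of App.config / Web.config paths."""
    enabled, unparsed = [], []
    for path in sorted(Path(root_dir).rglob("*.config")):
        if path.name.lower() not in ("app.config", "web.config"):
            continue
        try:
            if diagnostic_actions_enabled(path.read_bytes()):
                enabled.append(path)
        except ET.ParseError:
            unparsed.append(path)  # report it rather than silently pass it
    return enabled, unparsed

# Constructed sample configuration, not taken from a real project.
SAMPLE_ON = """<configuration>
  <appSettings>
    <add key="Modules" value="" />
    <add key="EnableDiagnosticActions" value="True" />
  </appSettings>
</configuration>"""
SAMPLE_OFF = SAMPLE_ON.replace('value="True"', 'value="False"')

if __name__ == "__main__":
    on, bad = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in on:
        print(f"diagnostic actions enabled: {p}")
    for p in bad:
        print(f"could not parse: {p}")
    sys.exit(1 if on or bad else 0)
```

Run it with a project or publish directory as the only argument; a non-zero exit code means at least one file has the key enabled or could not be parsed.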
Your feedback is needed
Please test the tool and let us know whether it is useful in your development process and how you would change it. For instance, the more specific use cases you describe where it was difficult to configure permissions for a user, the more likely it is that we can arrive at technical solutions that address them.
Concepts > Security System > Permissions for Associated Objects
Concepts > Security System > Security Permissions Caching
Concepts > Security System > Permission Policies