Dynamically grant user permissions
August 7, 2020
2 min read
Following the ability to use your own end user management system and the SET USER ALIAS command, you might be wondering how you can manage end user permissions without creating multiple 4D user accounts. Keep reading because this feature release has the answer!
4D developers often need to manage end users with their own directory system (e.g., from an internal development to external with LDAP or SSO). One solution was to create as many 4D user accounts as rights, then switch from one to another.
4D v18 R4 makes things more intuitive by allowing you to set users’ rights with groups … dynamically.
The easiest way to do this is to create a default user account with no group memberships:
Then you can create a group for each right you want to manage.
At runtime, you can still use the SET USER ALIAS command to set the user name so it will appear everywhere in the database.
Now with the new SET GROUP ACCESS command, you can also dynamically set the group membership.
Note that these two commands are not available on the server side.
Here’s a code sample executed on a remote client after custom user authentication:
// Set my own user field as alias
SET USER ALIAS([MyUserTable]Name)
// Set user groups following rights
C_COLLECTION($userGroups)
$userGroups:=New collection
If([MyUserTable]4DWriteProAccess)
$userGroups.push(”4D Write Pro”)
End if
If([MyUserTable]4DViewProAccess)
$userGroups.push(“4D View Pro”)
End if
SET GROUP ACCESS($userGroups)
You can set the current user group access to none if you want:
SET GROUP ACCESS(New collection)
You can reset the current user group access to how it’s stored in the directory file:
SET GROUP ACCESS
The new Get group access command allows you to retrieve the current group membership:
SET GROUP ACCESS(New collection(“4D View Pro”;”4D Write Pro”))
$collection:=Get group access
// $collection contains ["4D View Pro","4D Write Pro"]
All given group access don’t affect the user / group directory.
Now it’s your turn to give it a try. Manage your users and groups dynamically … as you want!
Comments are not currently available for this post.