Dynamically grant user permissions

Automatically translated from English

Following the ability to use your own end user management system and the SET USER ALIAS command, you might be wondering how you can manage end user permissions without creating multiple 4D user accounts. Keep reading because this feature release has the answer!

4D developers often need to manage end users with their own directory system (e.g., from an internal development to external with LDAP or SSO). One solution was to create as many 4D user accounts as rights, then switch from one to another.

4D v18 R4 makes things more intuitive by allowing you to set users’ rights with groups … dynamically.

The easiest way to do this is to create a default user account with no group memberships:

Then you can create a group for each right you want to manage.

At runtime, you can still use the SET USER ALIAS command to set the user name so it will appear everywhere in the database.

Now with the new SET GROUP ACCESS command, you can also dynamically set the group membership.

Note that these two commands are not available on the server side.

Here’s a code sample executed on a remote client after custom user authentication: 

// Set my own user field as alias
SET USER ALIAS([MyUserTable]Name)

// Set user groups following rights
C_COLLECTION($userGroups)
$userGroups:=New collection

If([MyUserTable]4DWriteProAccess)
 $userGroups.push(”4D Write Pro”)
End if
If([MyUserTable]4DViewProAccess)
 $userGroups.push(“4D View Pro”)
End if

SET GROUP ACCESS($userGroups)

You can set the current user group access to none if you want:

SET GROUP ACCESS(New collection)

You can reset the current user group access to how it’s stored in the directory file:

SET GROUP ACCESS

The new Get group access command allows you to retrieve the current group membership:

SET GROUP ACCESS(New collection(“4D View Pro”;”4D Write Pro”))

$collection:=Get group access
// $collection contains ["4D View Pro","4D Write Pro"]

All given group access don’t affect the user / group directory.

Now it’s your turn to give it a try. Manage your users and groups dynamically … as you want!

Avatar

• Product Owner •

Damien Fuzeau has joined the 4D Product team in February 2019. As a Product Owner, he is in charge of writing user stories, then translating them to functional specifications. His job also entails making sure that the feature implementations delivered are meeting the customer needs.

Damien is graduated from the University of Nantes in software engineering. He spent more than 23 years in its former company, first as developer (discovering 4D in 1997), and later as engineering manager and software architect. This company is a 4D OEM partner and deployed 4D based business softwares for thousands users, on hundreds servers. So, Damien is used to 4D development and deployment in a multi-language context.