When I add a new group, it defaults to full acress across all solutions…which is very annoying. Is there any way to change that?
Also, is there a way to restrict a group from even opening a solution, rather than having to remove access from every form on the solution?
you have already posted a similar question here: http://forum.servoy.com/viewtopic.php?t=6808
same answer:
Just check in the startup method of your solution if the user belongs to one of the groups that can use the solution.
I agree that security should be on the “safe” side, i.e., default deny. I will look into it, however there are some backward compatibility issues that we have to take into account…
Thank you Sebastiaan, can you also check what I put in the other post, which is that… If you add a new user, and forget to assign them to any group, they get full access to all solutions.
you have already posted a similar question here: http://forum.servoy.com/viewtopic.php?t=6808
same answer:
Just check in the startup method of your solution if the user belongs to one of the groups that can use the solution.
The issue I have there is that security settings should be consolidated in all one single place. So, I don’t want to have a table that holds group names and solution names, and then query that to see if they have access to the solution. And then once they get in, it would then go off of the Servoy Security settings to determine what forms/fields they can and can’t see. Then, in another area, you have methods running the filterFoundSet and filterTable to determine what records they have access to. So, that puts security in 3 separate areas:
A good security setup can me accomplished by using all three combined, but it seems that at least 1&2 should be in the same “area”, and part of the built in Servoy security…but thats just my 2 cents.