Servoy Security create user permissions

Hi Servoy Community,

At the moment I'm trying to switch our solution SalesManager|CRM from Servoy 5.2 to Servoy 7.3.1.
When you want to create a user in Servoy 7, you have to be a member of the Administrators group.
But when you are an admin, you have the possibility to access the Servoy Admin Page.

Is it possible to change this behaviour so non-admin users can also create users (add them to groups etc)?
This would be nice, because we have customers who are allowed to create new users, but they should not access the Servoy Admin Page.

Thanks,
Alex

You don’t have to create users in the admin server anymore.
You can just register a user on the fly and assign them to existing groups.

Thank you for your answer, Marc, but I think I have to explain a little bit more:

Our customers can create new users in our solution (not in the Servoy Admin Page) but with the method security.createUser().
This method fails with an error message that you have to be a member of the Administrators group.
I don't want to add our customers to the admin group, because I don't want them to be able to log in to the Servoy Admin Page.
But it seems that they need to be admins to create new users (API documentation: https://wiki.servoy.com/display/public/ … createUser)

Do you have any advice for me for this issue?

Thanks!
Alex

LXS:
Thank you for your answer, Marc, but I think I have to explain a little bit more:

Our customers can create new users in our solution (not in the Servoy Admin Page) but with the method security.createUser().
This method fails with an error message that you have to be a member of the Administrators group.
I don't want to add our customers to the admin group, because I don't want them to be able to log in to the Servoy Admin Page.
But it seems that they need to be admins to create new users (API documentation: https://wiki.servoy.com/display/public/ … createUser)

Do you have any advice for me for this issue?

Maybe I wasn’t clear in my answer either.
Most solutions (at least mine) have a table containing user details (full name, email, loginname, password_hash, etc.)
At login I authenticate against this user table and register the user at the application server (using security.login)
In previous versions there was a need to create users in the admin page, but that’s not needed anymore.

If you really want to create users, I’d suggest you spawn a headless client that has admin-privileges and will create the user for you.
But the way I described above is easier and currently the recommended way to go.

I agree, we also have a table containing user details.
In our solution when the customer creates a new user a new record in my users table will be created.
At the same time I call security.createUser to add the new user to the Servoy security users table (and here is the problem: you have to be an admin to do this).

In the login solution I first call security.authenticate() to validate the credentials. If it was successful, I call security.login().
The security.login() method needs a Servoy user.
So I need to create the user in the Servoy security as well, don't I?

You said you authenticate against your user table, but how do you register the user with security.login without a Servoy user as argument?

Hmm, I had a look at the sample code of security.login():

var groups = ['Administrators']; // normally these groups are, for example, received from LDAP
var user_uid = scopes.globals.email; // this uid might also be received from an external authentication method
var ok = security.login(scopes.globals.username, user_uid, groups);
if (!ok) {
    plugins.dialogs.showErrorDialog('Login failure', 'Already logged in? or no user_uid/groups specified?', 'OK');
}

It seems that the arguments can be any strings (for example from your users table) - right?
I always thought, that you have to put a servoy user here!

OK… I tried it with the following method call:

security.login('TestUser', "4711", ['TestGroup'])

This returns false - so does it have to be an existing Servoy user?

Can you tell me how you are doing these things?

Ah, it seems only the groups are important here:

security.login('TestUser', "4711", ['Administrators']) works!
So the groups must exist in the Servoy security groups?

When you don’t use any security settings from Servoy groups, you can simply login against the Administrators group. That always exists and the login call won’t make the user member of the group. You could also file a request that the login() call can also be used without any groups argument in the first place.

LXS:
Ah, it seems only the groups are important here:

security.login('TestUser', "4711", ['Administrators']) works!
So the groups must exist in the Servoy security groups?

Yes, like Patrick stated. This is in no way harmful if you don’t use any further security settings.
Otherwise, just make sure the groups you need are available at the server (you can also check this by requesting all groups from the server and match that with your ‘group’ settings)
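
The group check suggested in the reply above, as an added example that is not part of the thread and not Servoy sample code: groups stored with your own user record are matched against the server's groups before the login call, and the login fails closed instead of falling back to 'Administrators'. The `api` adapter, `groupNames()`, the user record fields and the group name 'SalesUsers' are assumptions; the fake server only models the `security.login()` results reported in this thread so the block runs outside Servoy.

```javascript
// Added example, not Servoy code. `api` is a hypothetical adapter around Servoy's
// `security` object: api.groupNames() is assumed to return the server's group
// names, api.login(name, uid, groups) to forward to security.login().

// Split the groups stored with the user record into known and unknown ones.
function resolveGroups(wanted, serverNames) {
  var matched = [], missing = [];
  (wanted || []).forEach(function (g) {
    (serverNames.indexOf(g) !== -1 ? matched : missing).push(g);
  });
  return { matched: matched, missing: missing };
}

// Register a user who was already authenticated against the solution's own table.
// Fails closed: no fallback to 'Administrators' when no stored group matches.
function loginTableUser(api, user) {
  var r = resolveGroups(user.groups, api.groupNames());
  if (r.matched.length === 0) {
    return { ok: false, reason: 'no matching server group', missing: r.missing };
  }
  var ok = api.login(user.loginname, String(user.uid), r.matched);
  return { ok: ok, reason: ok ? 'logged in' : 'login returned false', missing: r.missing };
}

// Constructed stand-in for the server: login() succeeds only when every group
// passed in exists, which models the true/false results reported in the thread.
function makeFakeApi(serverGroups) {
  var calls = [];
  return {
    calls: calls,
    groupNames: function () { return serverGroups.slice(); },
    login: function (name, uid, groups) {
      calls.push({ name: name, uid: uid, groups: groups });
      return Boolean(name) && Boolean(uid) && groups.length > 0 &&
        groups.every(function (g) { return serverGroups.indexOf(g) !== -1; });
    }
  };
}

// Constructed sample data: 'SalesUsers' is a made-up group name.
var fakeApi = makeFakeApi(['Administrators', 'SalesUsers']);
var sampleUser = { loginname: 'TestUser', uid: 4711, groups: ['SalesUsers', 'TestGroup'] };
var sampleResult = loginTableUser(fakeApi, sampleUser);
console.log(sampleResult.ok, sampleResult.missing); // 'TestGroup' is reported, not sent
```

Logging the `missing` list at login time shows when the user table and the server's groups have drifted apart.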

Hi

I read this as I had already written my entry https://www.servoy.com/forum/viewtopic.php?f=22&t=20176.
I had the same question. In my case, it is not only the correct group. If I change the username, the login function will return false although I defined the group 'Administrators'.