Hi Servoy,
I think there is a problem with the current implementation of the way the design-time security information is handled, which results in "unauthorized" access to forms and elements.
Consider the following scenario to reproduce the issue:
1. Create a solution with a few forms. One of the forms (e.g. Form A) is intended to be used only by administrators.
2. Create 2 user groups: Administrators and Users, and at design time indicate that only Administrators have access to Form A by unchecking the appropriate checkboxes on the Security tab of Form A.
3. Check the resulting formA.sec file - you will notice that it contains information only about the groups which do not have access to that form.
4. Create 2 users and assign them to the groups so that one of them is a member of Administrators and the other is a member of Users.
5. Run the application and verify that members of the Administrators group have access to formA and the members of the Users group do not have access to that form.
6. Deploy the solution to a server and again create 2 users - one a member of the Administrators group and the other a member of the Users group - and verify that the application still behaves as expected and only Administrators can access formA.
So far so good... now comes the "fun" part.
7. On the server, create a new group or simply import another solution which uses a different group - for example Guests.
8. On the server, create a new user account (e.g. guest1) and assign it to be a member only of the Guests group.
9. Run the first application, but this time log in using the guest1 account.
10. Access formA (which supposedly was to be accessible only to members of the Administrators group) - you will see that the user guest1, who is not a member of the Administrators group, in fact has access to that restricted form.
This issue applies to individual elements on the form as well and I suspect that it applies to table-level security also. As you can see, this is not even a hack and can be caused unintentionally by the administrators (all they need to do is simply import another solution which uses some other groups).
For sure almost all developers who bother to put any security in their applications using the design-time options in Servoy will not expect this. I am very skeptical that this is the designed and expected behavior but wanted to bring this question up to see what the official Servoy position is on this. To me, this looks like a very serious security issue which is very easy to exploit - all you need is a valid user account.
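
The scenario in the post comes down to deny-list versus allow-list evaluation of group permissions. The sketch below is an added example, not part of the original post and not Servoy's code or its .sec file format; the function names, the data layout and the rule that any one permitted group grants access are assumptions made for illustration.

```javascript
// Simplified model of the behaviour described in the post (hypothetical names).
// Assumption: a user may open the form if at least one of their groups is permitted.

// Deny-list model: only groups unchecked at design time are recorded.
function canAccessDenyList(deniedGroups, userGroups) {
  return userGroups.some((g) => !deniedGroups.includes(g));
}

// Allow-list model: only groups explicitly granted are recorded.
function canAccessAllowList(allowedGroups, userGroups) {
  return userGroups.some((g) => allowedGroups.includes(g));
}

// Audit helper: groups that exist on the server but were unknown when the
// form's security was designed; a deny-list lets every one of them through.
function implicitlyGrantedGroups(serverGroups, designTimeGroups) {
  return serverGroups.filter((g) => !designTimeGroups.includes(g));
}

// Constructed sample data following the steps in the post.
const designTimeGroups = ["Administrators", "Users"];
const formA = { denied: ["Users"], allowed: ["Administrators"] };
const serverGroups = ["Administrators", "Users", "Guests"];
const accounts = {
  admin1: ["Administrators"],
  user1: ["Users"],
  guest1: ["Guests"], // group created on the server after deployment
};

// Evaluate every account under both models.
function report() {
  const rows = {};
  for (const [name, groups] of Object.entries(accounts)) {
    rows[name] = {
      denyList: canAccessDenyList(formA.denied, groups),
      allowList: canAccessAllowList(formA.allowed, groups),
    };
  }
  return rows;
}

console.log(report());
console.log("Implicitly granted:", implicitlyGrantedGroups(serverGroups, designTimeGroups));
```

Running the audit helper after every group creation or solution import on the server shows which groups need an explicit decision for each restricted form.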