Getting started with USoft 10.0 authorisation
Getting started with authorisation in a NEW application
This section is about getting started with authorisation when you create a new application with the USoft 10.x platform, as opposed to upgrading an existing USoft application from a previous version.
In your first prototypes, authorisation is NOT likely to be your primary concern. You first want to try out and visualise some of the main functionality without immediately shielding areas off from specific groups of users.
For this reason, by default, a USoft 10.x application is open to all users unless and until you take specific action in the area of authorisation.
This default behaviour is visible because it is implemented by a special initial role called ADMIN:
•Your new application automatically has an initial role called ADMIN.
•In USoft Definer, when you create a table, a job or a component, this new resource is associated by default with this ADMIN role. Users who have the ADMIN role therefore have access to all new resources.
•In Development, when you run Create Tables for your application in USoft Binder, you are automatically given the ADMIN role to your application. This gives you default runtime access to all new resources.
To view the ADMIN role and the fact that it has default access to all resources:
Getting started with authorisation after upgrade from USoft 9.1
This section is about getting started with USoft 10.0 authorisation after you have upgraded an existing USoft 9.1 application to USoft 10.0 using the Upgrade Tool.
In this situation, the Upgrade Tool will have:
•converted all your 9.1 user groups into 10.0 roles.
•transferred your table rights and column rights from USoft Authorizer to USoft Definer.
•left your application in distinct-roles mode, as opposed to merged-roles mode.
The result of all this is that in the new situation, the access rights associated to each role are equivalent to the access rights that the user group with the same name had in the old situation.
To plan your authorisation in this situation, the only explicit decision you need to take is whether you want to switch to the new merged-roles mode. If you do that, you may want to re-organise some of your access rights.
Apart from this decision, you can just continue to work on authorisation like you did before, except that you don't give access rights to user groups in USoft Authorizer anymore. Instead, you now give access rights to roles in USoft Definer.