Setting up authorization for developers

Previous Next

Most USoft development tools are themselves USoft applications and as such, developers who use them need permission from USoft authorization rules to access data.

For this reason, you need to be aware of access rights in Development environments for USoft team members.

In large and complex USoft projects with different teams and people in different roles, you can be very precise about who has access to what, in exactly the same way as in the runtime USoft applications that you build yourself.

Initially, however, most USoft teams start out as small, agile teams. They only require minimal concern about authorization rules in Development because USoft Binder creates default authorization rules automatically.

Automatic authorization from USoft Binder

The development tools for which you need authorization rules have a "Create Tables" option on the context menu in USoft Binder.

When you run this option, in addition to (re)creating database tables that the development tool needs, USoft Binder also creates default authorization rules. These default  rules give access to every aspect of the data in the tables.

Since  USoft Authorizer is the development tool responsible for checking these authorization rules, you need to run the "Create Tables" routine for USoft Authorizer as an initial action, so that you can have authorization rules in the first place. If you do not perform this action, you do not have an authorization layer and no database user will get access to any of  the  other USoft development tools.

In summary, the steps for setting up initial authorization rules for developers are as follows:

1.Create a new, empty database account for the new development team.
2.Create a USoft Binder file that has this database user and password as its Project Properties.
3.In  that USoft Binder file, add "USoft Authorizer", "USoft Definer" and "User Application" items.
4.For the "User Application" item, using Properties from the context menu, specify the Application Name.
5.Run "Create Tables" from the context menu of the USoft Authorizer item.
6.Run "Create Tables" from the context menu of the USoft Definer item.
7.Run "Create Tables" from the context menu of the User Application item.

 

You have now set up authorization rules for USoft Definer, USoft Web Designer, USoft Windows Designer and the User Application for anybody who is allowed to know the database username and password or who is allowed to use your USoft Binder file. You can distribute copies of this file that carry the database password as a non-readable item. You can open USoft Authorizer and inspect the authorization rules that have been set up.

This minimal authorization is "one-user-per-project" authorization. It has the drawback that USoft will record change information as if only 1 developer were active. You cannot trace exactly who did what. Also, you cannot differentiate  between groups with different access rights. To do those things, read the next section.

IMPORTANT: By default, in USoft Authorizer, a user has full access to all tables as long as no specific Table Rights or Column Rights are introduced for that user. Be aware that introducing the first Table Rights will bar access to any other tables unless you specifically define Table Rights for those tables as well.

 

Personal authentication for development team members

To trace who did what, or to give different access rights to different users, you need to introduce multiple username/password combinations, typically one for each team member.

The following steps are just general instructions for doing this. In practice, there are many advanced options that allow you to set up sophisticated authentication and authorization rules in the Development environment.

Here are general instructions for setting up personal authentication for development team members:

1.As the owner of the new USoft application, perform the steps in the previous section to give yourself access to the development environment. Keep the owner password to yourself.
2.Open USoft Authorizer and define the individual team members as Application Users, giving each a name and a password.
3.In USoft Authorizer, for the USD* application, assign each Application User to a specific User Group. Initially, if you do not need to differentiate access rights, you can just have a single User Group and assign each developer to that one User Group.
4.Communicate the database connect string to all team members. Communicate a  personal username/password combination to each team member individually.
5.Team members can now access the development environment by creating their own USoft Binder file and set the communal database connect string and the personal username/password combination as Project Properties.

* The USD application comprises only USoft Definer, USoft Web Designer and USoft Windows Designer. You need to define separate access to other USoft development tools (if using). Here is a list of the application names of all USoft development tools:

 

USoft Application

Application Name

USoft Authorizer

USAUTH

USoft Developer

USD

USoft BenchMark

USTESTER

USoft Repository Manager

USREPMAN

USoft Services Manager

USERVICE

USoft Web Designer

USD

USoft Windows Designer

USD

 

Advanced options

In large development teams with complex applications, there are many ways to regulate authentication and authorization. Here are just a few pointers:

You can have single sign-on so that developers automatically log on to USoft with their OS username/password combinations.

You can let USoft Authorizer pre-define user groups that you can then assign people to. For example, a predefined group of business architects who get access only to the USoft Teamwork module in USoft Definer.

 

See Also

Setting up authorization for runtime users of your application

Introducing USoft Authorizer

Definer User Groups