(11) Users, Roles, and Claims
- Support Ticket Tutorial -
Users can be assigned limited access to the app. This is particularly important for the security of your data. This section explains Claims, which set permissions across the application, and Roles, which are sets of claims used for user management. Users can have multiple roles and/or claims.
We will define three different types of claims for the Support Ticket App: 1) the ability to create new tickets; 2) the authorization to update and delete tickets; and 3) the ability to list all tickets. A default user (i.e., a user with no claims) can see tickets that have been created, but cannot create or modify tickets.
1. Create Security Claims
- Go to Security > Security Claims and click (+), OR press Ctrl + Shift + C and go to Security > Security Claim
- Set Name to: Can Create Ticket
- Click Finish
Follow the same steps to create Security Claims for Can List All Tickets and Can Update Ticket.
2. Create Security Roles
Two roles will be defined for these three claims: 1) Customers, who can create tickets; and 2) Support Staff, who can view all of the tickets and modify them.
- Go to Security > Security Roles and click (+), OR press Ctrl + Shift + C, go to the Security section and click Security Roles
- Set Name to: Customer
- Set Claims for Role to: Default - CanCreateTicket
- Click Finish
—
- Press Ctrl + Shift + C and click Security Roles
- Set Name to: Support Staff
- Set Claims for Role to both: Default - CanUpdateTicket and Default - CanListAllTickets
- Click Finish
3. Data Access
Restrictions on Tickets should be established so that only users with the correct claims can perform basic operations.
- At the top of the Security side panel, click Data Access
- On the Ticket row and in the Actions column, click Edit
- Mark Security Condition for CREATE and set it to:
  (item, db, ctx) => ctx.User.HasClaim(App.Security.Claims.CanCreateTicket)
- Mark Security Condition for UPDATE and then Security Condition for DELETE. Set them both to:
  (item, db, ctx) => ctx.User.HasClaim(App.Security.Claims.CanUpdateTicket)
- Click OK
4. List Page Restriction
Customers should only see their own tickets.
- Go to UI > Entity Pages and double-click Ticket List
- In the General tab, Data section, click Data Source
- Copy and paste the following:
  (_, db, ctx) =>
      ctx.User.HasClaim(App.Security.Claims.CanListAllTickets) ?
          db.TicketSet :
          db.TicketSet.Where(t => t.CreatedBy == ctx.User)
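To check the resulting permissions before assigning roles to real users, the claims, roles, Data Access conditions and list filter from steps 1 to 4 can be modelled in a small console program. This is an added example, not Jetveo platform code: the `Claim`, `User`, `Ticket` and `Policy` types and the sample users are hypothetical stand-ins for the generated `App` types.

```csharp
// Stand-alone model of the tutorial's policy (hypothetical types, constructed sample data).
using System;
using System.Collections.Generic;
using System.Linq;

enum Claim { CanCreateTicket, CanUpdateTicket, CanListAllTickets }

record User(string Name, HashSet<Claim> Claims) { public bool HasClaim(Claim c) => Claims.Contains(c); }

record Ticket(int Id, User CreatedBy);

static class Policy
{
    // Role -> claims, as configured in step 2.
    public static readonly Dictionary<string, Claim[]> Roles = new()
    {
        ["Customer"] = new[] { Claim.CanCreateTicket },
        ["Support Staff"] = new[] { Claim.CanUpdateTicket, Claim.CanListAllTickets },
    };

    // A user's effective claims are the union of the claims of all assigned roles.
    public static User WithRoles(string name, params string[] roles) =>
        new(name, roles.SelectMany(r => Roles[r]).ToHashSet());

    // Same predicates as the Data Access conditions in step 3.
    public static bool CanCreate(User u) => u.HasClaim(Claim.CanCreateTicket);
    public static bool CanModify(User u) => u.HasClaim(Claim.CanUpdateTicket);

    // Same branch as the Ticket List data source in step 4.
    public static IEnumerable<Ticket> Visible(User u, IEnumerable<Ticket> all) =>
        u.HasClaim(Claim.CanListAllTickets) ? all : all.Where(t => t.CreatedBy == u);
}

static class Program
{
    static void Main()
    {
        var alice = Policy.WithRoles("alice", "Customer");
        var bob = Policy.WithRoles("bob", "Customer");
        var staff = Policy.WithRoles("staff", "Support Staff");
        var guest = Policy.WithRoles("guest");   // default user: no roles, no claims
        var tickets = new[] { new Ticket(1, alice), new Ticket(2, alice), new Ticket(3, bob) };

        // Print one row of the access matrix per user.
        foreach (var u in new[] { alice, bob, staff, guest })
            Console.WriteLine($"{u.Name,-6} create={Policy.CanCreate(u),-5} " +
                $"modify={Policy.CanModify(u),-5} sees={Policy.Visible(u, tickets).Count()}");
    }
}
```

The matrix makes two consequences of the role definitions in step 2 visible: a user with only the Support Staff role cannot create tickets, and a Customer cannot update or delete tickets they created.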
Assign Roles to New Users
When users are added they can be assigned the proper roles and access as part of the process.
The process for assigning Claims and Roles is slightly different for Development Instances and Production Instances.
Release this version of the app. Then follow these directions for establishing instances for the app:
Development Instance
- On the App Overview, click Update App
- Click Start if it did not start automatically
- Click Users
- On the Dev Instance tab, select the appropriate options from the drop-down menu for Test User Security Roles and Test User Security Claims. These can later be adjusted to create different testing scenarios.
Production Instance
If there is no Production instance, go to Create Instance.
- Type a name for Instance Name
- Verify that Application version is set to the latest version
- Verify that Hosting is set to Jetveo Cloud
- Set Application Type to Production
- Verify that Authentication is set to Jetveo account
- Click Create
—
- On the App Overview, locate the new Production instance and click Update App
- Click Start
- Click Users
- Click Create New Account
- Enter the user's Full Name and Email
- Click OK
- Click Detail in the Actions column
- Mark the appropriate checkboxes for Security Roles and Security Claims
- Click Save