
Users, Roles, and Claims

Users can be assigned limited access to the app, which is particularly important for the security of your data. This section explains Claims, which set permissions across the application, and Roles, which are sets of claims used to manage users. Users can have multiple roles and/or claims.

We will define three different types of claims for the Support Ticket App: 1) the ability to create new tickets; 2) the authorization to update and delete tickets; and 3) the ability to list all tickets. A default user (i.e., a user with no claims) cannot create or modify tickets and they can see only the tickets they created.

NOTE: This tutorial is built upon the foundation of the Support Ticket application.

1. Create Security Claims

  • Go to Security > Security Claims and click (+) OR press Ctrl + Shift + C and go to Security > Security Claim
  • Set Name to: Can Create Ticket
  • Click Finish
    Follow the same steps to create Security Claims for Can List All Tickets and Can Update Ticket

2. Create Security Roles

Two roles will be defined for these three claims: 1) Customers, who can create tickets; and 2) Support Staff, who can view all of the tickets and modify them.

  • Go to Security > Security Roles and click (+) OR press Ctrl + Shift + C and go to the Security section and click Security Roles
  • Set Name to: Customer
  • Set Claims for Role to: Default - CanCreateTicket
  • Click Finish
  • Press Ctrl + Shift + C and click Security Roles
  • Set Name to: Support Staff
  • Set Claims for Role to both: Default - CanUpdateTicket and Default - CanListAllTickets
  • Click Finish

3. Data Access

Some restrictions on Tickets should be established so that only users with the right claims can perform basic operations.

  • Go to Security > Data Access and click Data Access
  • On the Ticket row and in the Actions column, click Edit
  • Mark Security Condition for CREATE and set it to:
(item, db, ctx) => ctx.User.HasClaim(App.Security.Claims.CanCreateTicket)
  • Mark Security Condition for UPDATE and then Security Condition for DELETE. Set them both to:
(item, db, ctx) => ctx.User.HasClaim(App.Security.Claims.CanUpdateTicket)
  • Click OK

4. List Page Restriction

Customers should only see their own tickets.

  • Go to UI > Entity Pages and double-click Ticket List
  • In the General tab, Data section, click Data Source
  • Copy and paste the following:
(_, db, ctx) =>
ctx.User.HasClaim(App.Security.Claims.CanListAllTickets) ?
db.TicketSet :
db.TicketSet.Where(t => t.CreatedBy == ctx.User)
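
The conditions from steps 3 and 4 can be exercised outside the designer to check which rights each role actually ends up with. This is an added example, not code from the platform or this tutorial: Claim, User, Ticket and Policy are stand-in types, the users and tickets are constructed, and it assumes a user's effective claims are the union of directly assigned claims and the claims of their roles.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Stand-in types for illustration; these are not the platform's own classes.
enum Claim { CanCreateTicket, CanUpdateTicket, CanListAllTickets }
record Ticket(int Id, string CreatedBy);
record User(string Name, string[] Roles, Claim[] DirectClaims)
{
    // Role definitions from step 2.
    static readonly Dictionary<string, Claim[]> RoleClaims = new()
    {
        ["Customer"] = new[] { Claim.CanCreateTicket },
        ["Support Staff"] = new[] { Claim.CanUpdateTicket, Claim.CanListAllTickets },
    };

    // Assumption: effective claims = direct claims plus claims of every role; unknown roles grant nothing.
    public bool HasClaim(Claim c) => DirectClaims.Contains(c)
        || Roles.Any(r => RoleClaims.TryGetValue(r, out var cs) && cs.Contains(c));
}

static class Policy
{
    public static bool CanCreate(User u) => u.HasClaim(Claim.CanCreateTicket);          // step 3, CREATE
    public static bool CanUpdateOrDelete(User u) => u.HasClaim(Claim.CanUpdateTicket);  // step 3, UPDATE and DELETE
    // Step 4 data source: all tickets with CanListAllTickets, otherwise only the user's own.
    public static IEnumerable<Ticket> Visible(User u, IEnumerable<Ticket> all) =>
        u.HasClaim(Claim.CanListAllTickets) ? all : all.Where(t => t.CreatedBy == u.Name);
}

static class Program
{
    static void Main()
    {
        // Constructed sample users and tickets.
        var tickets = new[] { new Ticket(1, "alice"), new Ticket(2, "bob") };
        var users = new[]
        {
            new User("alice", new[] { "Customer" }, Array.Empty<Claim>()),
            new User("sam", new[] { "Support Staff" }, Array.Empty<Claim>()),
            new User("bob", Array.Empty<string>(), Array.Empty<Claim>()), // default user, no claims
        };
        foreach (var u in users)
        {
            var ids = string.Join(",", Policy.Visible(u, tickets).Select(t => t.Id));
            Console.WriteLine($"{u.Name}: create={Policy.CanCreate(u)} update/delete={Policy.CanUpdateOrDelete(u)} sees=[{ids}]");
        }
    }
}
```

With the roles exactly as defined in step 2, a Support Staff user does not hold CanCreateTicket, so the CREATE condition denies them unless they are also given the Customer role or that claim directly.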

Assign Roles to New Users

When users are added they can be assigned the proper roles and access as part of the process.

The process for assigning Claims and Roles is slightly different for Development Instances and Production Instances.

Development Instance

  • On the App Overview, click Update App
  • Click Start
  • Click Users
  • Select the appropriate options from the drop-down menu for Test User Security Roles and Test User Security Claims. These can later be adjusted to create different testing scenarios.

Production Instance

If there is no Production instance, go to Create Instance; set Application Type to Production.

  • On the App Overview, click Update App (if necessary)
  • Click Start
  • Click Add Users
  • Click Create New Account
  • Enter the user’s Full Name and Email
  • Click OK
  • Mark the appropriate checkboxes for Security Roles and Security Claims
  • Click Save