Programmatic permissions on dataset built-in services

Programmatic permissions on dataset built-in services

book

Article ID: KB0073983

calendar_today

Updated On:

Products Versions
TIBCO EBX All versions from 5.8.0.

Description

Since EBX 5.8.0, it is possible to declare programmatic permissions on a dataset built-in services such as :

  • Record creation
  • Record deletion
  • Duplicate record
  • Association attach
  • Association detach
  • ...etc

These allow to define dynamic permissions that depend on the current selection and/or the current user session for example.
For a given service you will have to declare a ServicePermissionRule in a SchemaExtensions the same way you declare access rules on nodes.

Resolution

SchemaExtensions
public class MySchemaExtensions implements SchemaExtensions{
 
    public void defineExtensions(SchemaExtensionsContext aContext) {
 
        //Declare a permission rule on the association node /root/table/asso.
        aContext.setServicePermissionRuleOnNode(Path.parse("/root/table/asso"), ServiceKey.CREATE, new CreateServiceRule());
    }
     
    private class CreateServiceRule implements ServicePermissionRule<AssociationEntitySelection>{
         
        public UserServicePermission getPermission(ServicePermissionRuleContext<AssociationEntitySelection> aContext) {
 
            return UserServicePermission.getDisabled();

        }      
    }
}


In this example: 

  • the ServicePermissionRule, which is executed when the association is displayed, will disable the create action
  • the built-in create action is disabled for the association "/root/table/asso" but remains available if you access the standard table view

Issue/Introduction

Programmatic permissions on dataset built-in services

Additional Information

  • https://docs.tibco.com/pub/ebx/5.9.8/doc/html/en/Java_API/com/orchestranetworks/schema/SchemaExtensions.html
  • https://docs.tibco.com/pub/ebx/5.9.8/doc/html/en/Java_API/com/orchestranetworks/schema/SchemaExtensionsContext.html#setServicePermissionRuleOnNode-com.orchestranetworks.schema.Path-com.orchestranetworks.service.ServiceKey-com.orchestranetworks.userservice.permission.ServicePermissionRule-
  • https://docs.tibco.com/pub/ebx/5.9.8/doc/html/en/Java_API/com/orchestranetworks/userservice/permission/ServicePermissionRule.html
  • https://docs.tibco.com/pub/ebx/5.9.8/doc/html/en/Java_API/com/orchestranetworks/userservice/permission/ServicePermissionRule.html#getPermission-com.orchestranetworks.userservice.permission.ServicePermissionRuleContext-
  • https://docs.tibco.com/pub/ebx/5.9.8/doc/html/en/Java_API/com/orchestranetworks/service/ServiceKey.html
Powered by Wolken Software