We do not want the users to have to select their role.
Posted by z Jean-jacques Jouanneaux on 26 August 2010 04:56 PM

We do not want the users to have to select their role. Based on what is written above, this seems possible, but it does not describe how. How can I make the permissions cumulative? And what happens if there is a conflict between two roles assigned to the same user (Role clerk can't see the SSN field, but role manager can)? Does the restriction of a field override access or vice versa? Or does this work some other way?

By default if you do not enable the user to select one of his roles, the permissions of the 2 roles will be merged
To avoid conflicts between your role Clerk and your role Manager, here are some solutions:
1 - By default you will not enable users to see the SSN field. You will grant the permission to see it to the role Manager. As a consequence, when the 2 roles will merge, the user will be able to see the SSN field
2 - In Visual Guard, you will list a permission ‘Show SSN field’ but not create the technical action. In your application, you will codify the following ‘Does my user has the permission ‘Show SSN field’ If he does, show the SSN field.

Visual Guard

(0 vote(s))
Not helpful

Comments (0)
Help Desk by Novalys