Preventing access to application page depending on User Group Membership
Hello, I hope you are all doing well.
I am trying to prevent users that belong to a specific group from accessing a page in my application, and have not found a way to do this.
I read the Authorization API page and the documentation page for custom pages, and they mention setting permissions for the page to be able to access Bonita's resources, but there is no clear way of raising an error when a user tries to access a page he or she should not be able to access.
Any help would be appreciated.
Actually, you have a solution via the Subscription edition.
In this edition, you can create a new Profile, where you specify via membership or Group or Role or User mapping, who can access it.
And then you
* attach the page to this profile
* or create an application, and attach this profile to the application.
If you stay in the Community, you have to create a REST API Extension, where you check who can access the page, and when a non-allowed user accesses it, you can return FALSE. In the case of FALSE, your page should display information like "sorry, not for you". But then, of course, you have to implement this security level on all the potential REST calls.
Then, the second possibility with the REST API Extension is to play with the permissions. Then, you protect the data, but you still have to deal with the user interface when users access the page.
Unfortunately, all the pages of an application are available for all the users of the profile mapped with the application.
There is no mechanism for a navigation that adapts to the roles or groups of the user.
The way to do this is to create another application descriptor bound to another profile (which the specific group is not part of) and not put the page in this application's navigation.
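A sketch of the REST API Extension check suggested in the first answer, added here as an example and not taken from the thread or from Bonita's own code. The class name `PageAccessCheck`, the group name `example-restricted-group` and the `allowed` JSON field are hypothetical, and the `org.bonitasoft.web.extension.rest` package is assumed to match your Bonita version.

```groovy
import groovy.json.JsonBuilder
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import org.bonitasoft.engine.identity.UserMembershipCriterion
import org.bonitasoft.web.extension.rest.RestAPIContext
import org.bonitasoft.web.extension.rest.RestApiController
import org.bonitasoft.web.extension.rest.RestApiResponse
import org.bonitasoft.web.extension.rest.RestApiResponseBuilder

class PageAccessCheck implements RestApiController {

    // Hypothetical name of the group that must not see the page.
    static final String DENIED_GROUP = 'example-restricted-group'
    static final int PAGE_SIZE = 100

    @Override
    RestApiResponse doHandle(HttpServletRequest request,
                             RestApiResponseBuilder responseBuilder,
                             RestAPIContext context) {
        // Take the user from the server-side session, never from a
        // request parameter that the caller controls.
        long userId = context.apiSession.userId
        def identityAPI = context.apiClient.identityAPI

        boolean denied = false
        int start = 0
        // Page through all memberships so a user with more than
        // PAGE_SIZE memberships cannot slip past the check.
        while (true) {
            def memberships = identityAPI.getUserMemberships(
                    userId, start, PAGE_SIZE, UserMembershipCriterion.GROUP_NAME_ASC)
            if (memberships.any { it.groupName == DENIED_GROUP }) {
                denied = true
                break
            }
            if (memberships.size() < PAGE_SIZE) break
            start += PAGE_SIZE
        }

        // The page reads "allowed" and shows its "sorry, not for you"
        // view when it is false.
        return responseBuilder.with {
            withResponseStatus(HttpServletResponse.SC_OK)
            withResponse(new JsonBuilder([allowed: !denied]).toString())
            build()
        }
    }
}
```

Hiding the page content on `allowed: false` only covers the user interface; as the answer says, each REST API extension that returns the page's data has to repeat the same membership check server-side.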