Security problems with 2.5

I have an application which I migrated from 2.4.6 to 2.5. The application has 6 user roles defined (plus MxAdministrator & Developer). On migration a 'Shared' module was created & the module security for this module & for all the existing modules in the original application contained all of the user roles as module roles. I have now createed a new module, but there are no module roles created. Do I need to create new module roles evry time I create a new module? I don't seem to be able to grant access to forms etc. in the new module to existing user roles. I would have expected all user roles defined in the project security to be available to all modules. Conversely, I have also deleted one of the modules from the original application, and I now get an error, "Undefined module role 'Test.rolename' (no module 'Test')." The only way I can seem to get rid of the errors is to recreate the deleted module and all the module roles. I've tried looking in the docuemntation, but that page does not appear to have been completed yet. Can someone explain how this should work. Thanks.
2 answers

Hi Andrew,

From 2.5 onward, the modeler makes distinction between application/user and module roles. For each module, you should create new roles (under the module and then security) which match the different user roles inside that module. For example a email send module might have the module roles 'Email.EmailSender' and 'Email.EmailAdminstrator' (for smtp settings and such), while the HRM module in the same app has many more roles, such as Hrm.HRMManager, Hrm.Manager, Hrm.Employee, Hrm.BoardMember etcetera.

In the end, you can set up the globally available user roles under project > security. Here you can assign for every user role a set of module roles. For example the global CompanyEmployee role might consist of the module roles Hrm.Employee and Email.EmailSender, while the CompanyManager role exists of Hrm.Manager and the same Email.EmailSender.

So it is a bit different model, but in the end you end up managing less roles since module roles do not interfere with other module roles.

The 'undefined module' error means you have a reference left. Often such references remain in Dataview.Remove from Context property, the Visible for property of a form or the global security settings. From the error description i guess its one of the latter two.


I think I can now answer my own question.

When adding a new module, you need to create a new module role in the module security form (e.g. 'Admin'), then open the project security form and edit the user role 'Admin', select Add module role and select the corresponding module role from the new module.

When deleting a module, you need to open the project security form and Remove the module roles for that module from the user role.

Could someone confirm if this is the best way to do this. It seems a little tortuous & leaves potential for errors. Are there any plans to make this more automated, e.g. to enable user roles to be selected & imported into the module security (or is there aleready some way of doing this)? Thanks.