LCS - How to Secure a Page

A guide to best practices for securing a page to a role or set of roles.

Setting up page and application security is a vital component of every web application. In Betty Blocks this is accomplished via two mechanisms: the Authentication Profile and Roles & Permissions.

The next section will cover what these two features are in Betty Blocks and how to pair them together.

Authentication Profile

The Authentication Profile is the backbone of end user authentication for any Betty Blocks application. For applications using an official UW template, this is already set up and configured with the profile called “WebUser”. As part of UW templates, we also bake in SSO and user management via Manifest.

Every page and Action can be configured to use a profile. Open the settings tab; the option to select or change a profile is at the bottom of that tab menu. Once a profile is selected, the page is secured for that profile. For UW apps that will be “WebUser”, which requires SSO login to access the page content.
Image highlighting the Authentication Profile Selection

Roles

Roles are a major part of application security. A role should define a set of actions or use cases that a particular user or set of users will need to complete in the application. Note: A user can only be attached to one Role in a Betty Blocks application. Roles can be managed by opening the application, opening the tools menu option and selecting “Roles & Permissions”.
Roles and permissions screen in Betty Blocks

Three roles are present in every application: admin, public and the default role for the application. If your application requires additional roles, they can be created here.

Securing a Page for one or more roles

  1. To secure a page for only users of a specific role, open the page in Page Builder.
    1. Ensure that an Authentication Profile has been set (see above).
  2. Then in the components list search or scroll for the Data Container component.
    1. Drag the component onto the page; anywhere will do for now.
    2. In the dialog box that opens select “Current Logged in User” and select the "WebUser" Authentication Profile.
      Auth Profile Data Container
    3. Name the Data Container "AuthDataContainer" or "WebUserAuthDataContainer" to provide context and a proper name for the component. 
    4. Note: In the side menu there is no need to set a page to redirect to if the Authentication Profile does not return a valid logged in user, as setting the authentication profile in the page settings does this automatically if no user session is found.
  3. Then drag another Data Container inside the first Data Container. In this dialog box select the option to “Add without configuration” and click save.
    setting no configuration on a data container
    1. Click on the Data Container and under Model select the “Role” model
    2. Click on Filter.
      1. Configure it so that the left side, Role.WebUser.id, equals the Auth Data Container’s WebUser.id.
      2. Add a new group.
      3. Add a new rule inside the group: set the Role Data Container's Roles.Name property to equal “The Role Name”.
      4. If the page needs to support multiple roles, add an additional rule in the group and set the same rule as above, but change the Role name to the second role that should have access.
        1. Make sure the OR is selected on the right side option.
          Filter Configuration
    3. Set the if-no-result redirect to a page.
      1. Select a page to redirect to. It’s common to create an Error 403 page to redirect users to in these cases. The UW templates include this file for you.
    4. Expand Advanced Options and check the box for “only render children when data is present”. This ensures content will not load before the security check is completed.
      A completed WebUser data container
  4. Now comes the hardest part of securing a page, moving the data container into the right spot.
    1. Open the Component tree tab
    2. Find your nested data containers
      1. Naming conventions: LCS - Naming Conventions for Betty Blocks Development.
    3. Drag the topmost Data Containers to the very top of the tree.
    4. Now drag the topmost page element, which is often a Row or Box component, underneath the nested Data Container. This might take a couple of tries to get them in the right place. For pages using the Back Office Page template, the page must be unlocked first to enable editing the overview section; then create the Data Containers and drag them under the "Overview + Record View" instead of the top of the tree.
      Animation of dragging a Data Container in the tree view
  5. With these Data Containers in place, your page is now secured for the roles you selected.
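
The filter from step 3 and the resulting page behaviour, modelled in plain JavaScript as an added example (not Betty Blocks code and not part of the original guide); the record shapes, the role names "Reviewer" and "Editor", and the function names are assumptions. It shows why the rules in the group must be joined with OR: because a user is attached to only one role, joining two role-name rules with AND matches nobody and every user is redirected.

```javascript
// Added illustration: a plain-JavaScript model of the Role filter from step 3.
// Record shapes and function names are assumptions, not Betty Blocks APIs.

// Constructed sample data: each user id is attached to exactly one role.
const roles = [
  { name: "admin", webUserIds: [1] },
  { name: "Reviewer", webUserIds: [2, 3] },
  { name: "Editor", webUserIds: [4] },
  { name: "public", webUserIds: [5] },
];

// Evaluate the filter: Role.WebUser.id equals the logged-in user's id,
// combined with a group of role-name rules joined by `combinator`.
function matchingRoles(userId, roleNames, combinator) {
  return roles.filter((role) => {
    const belongsToUser = role.webUserIds.includes(userId);
    const hits = roleNames.map((name) => role.name === name);
    const group =
      combinator === "OR" ? hits.some(Boolean) : hits.every(Boolean);
    return belongsToUser && group;
  });
}

// Page outcome in the order the guide describes:
//   no session       -> login, handled by the Authentication Profile
//   no matching Role -> redirect page (for example Error 403)
//   Role found       -> children render ("only render children when data is present")
function pageOutcome(userId, roleNames, combinator = "OR") {
  if (userId == null) return "login";
  const found = matchingRoles(userId, roleNames, combinator);
  return found.length > 0 ? "render" : "403";
}

const allowed = ["Reviewer", "Editor"];
console.log(pageOutcome(2, allowed));        // user in an allowed role
console.log(pageOutcome(5, allowed));        // user in a role that is not listed
console.log(pageOutcome(null, allowed));     // no user session
console.log(pageOutcome(2, allowed, "AND")); // group joined with AND by mistake
```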


Keywords: role, permissions, authentication, auth profile
Doc ID: 132848
Owned by: Joel H. in Low Code Solutions
Created: 2023-11-16
Updated: 2024-06-21
Sites: DoIT Enterprise Business Systems - Low Code Solutions