Can a user have multiple access levels?

If you have questions or if you want to share your opinion about Aware IM post your message on this forum
Post Reply
ask180
Posts: 160
Joined: Thu Oct 04, 2012 11:40 pm

Can a user have multiple access levels?

Post by ask180 »

Hi,

I have a project which requires a person (who would have a unique login name) to have 2 or more access levels at the same time. In my context, the person may be a staff member and/or a student. Staff and Student would be the 2 access levels, with totally different VP options, but it looks to me that AwareIM cannot be configured for this scenario (ie: it assumes only one access level per user).

I would really like to use AwareIM for this project. Does anyone know how to configure this scenario? For each session, the user would pick one access level for that session.

So the question is, can I configure an AwareIM application to support multiple access levels for each user?

Thoughts?
customaware
Posts: 2392
Joined: Mon Jul 02, 2012 12:24 am
Location: Ulaanbaatar, Mongolia

Re: Can a user have multiple access levels?

Post by customaware »

You are correct..... but there are ways to achieve a suitable result....

The issue is that, when the user logs in, how do you determine which Access Level and VP they should be using this time as compared to another time.
So long as there is some distinguishing thing that can be tested then you can switch VP easily.

I have also you a crude Permissions page which determines what a user can and can't see and do.
permissions.png
permissions.png (102.17 KiB) Viewed 10470 times
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
Image
ask180
Posts: 160
Joined: Thu Oct 04, 2012 11:40 pm

Re: Can a user have multiple access levels?

Post by ask180 »

Mark, thanks for your quick response.

If I have a business object which stores the authorised access levels for each user, then I should be able to list those as part of an initialisation process (PICK FROM ...) ? The user would then pick one for the session (I would store the picked access level on their RegularUser, and away we go.

Would there be any security implications to this (eg: am I opening up a hacking hole)?

Steve
customaware
Posts: 2392
Joined: Mon Jul 02, 2012 12:24 am
Location: Ulaanbaatar, Mongolia

Re: Can a user have multiple access levels?

Post by customaware »

You will only have a single Access Level for each user.....but,

I get what you are saying...

When the User first logs in they are required what role they want to play for this session....

I think you could certainly make that work but you will need to keep in mind the following.

Out of the box Aware can refer to various Access Levels as LoggedInRegularUser or LoggedInCustomer or LoggedInEmployee or... LoggedInSystemUser
You will lose that functionality. For example... Assume your User's base Access Level is Client and the Roles (I would keep the concept of Access Level and Role seperate) you have allocated to that User
to choose from are Client, Employee and AwareIMDeveloper.... regardless of what you do your reference that user will be by way of LoggedInClient and you will need to include additional tests in processes and rule to
ascertain what Role the User is playing today etc..... if that makes sense...

I am really lazy so I would just give them 3 logins.... bobclient, bobemployee and bobawareimdeveloper...... ;-)
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
Image
Jaymer
Posts: 2430
Joined: Tue Jan 13, 2015 10:58 am
Location: Tampa, FL
Contact:

Re: Can a user have multiple access levels?

Post by Jaymer »

ask180 wrote:Mark, thanks for your quick response.

If I have a business object which stores the authorised access levels for each user, then I should be able to list those as part of an initialisation process (PICK FROM ...) ? The user would then pick one for the session (I would store the picked access level on their RegularUser, and away we go.

Would there be any security implications to this (eg: am I opening up a hacking hole)?

Steve

There’s a difference here between what you’re talking about - the built-in aware access level, and marks user roles.
The aware user can only be one access level.

Can you narrow this down to finite sets of combinations?
1 adMin
2 staff
3 student
4 staff & student
Etc?

With a start up process, that checks the access level at the time of login, then you can display an appropriate visual perspective


I don’t know how complex your thing is, but if it’s a limited set of options, like administrator, or admin and
Click Here to see a collection of my tips & hacks on this forum. Or search for "JaymerTip" in the search bar at the top.

Jaymer
Aware Programming & Consulting - Tampa FL
ask180
Posts: 160
Joined: Thu Oct 04, 2012 11:40 pm

Re: Can a user have multiple access levels?

Post by ask180 »

Thanks for the replies.

What I am now thinking is that all users are stored in the RegularUser business object.

I define another business object called RegularUserRole, linked to RegularUser, which lists the roles that each user has. Some users may only have one role stored in RegularUserRole (either Staff or Student), whereas some may have two rows stored in RegularUserRole (Staff and Student).

If the user only has one defined role, on login, I will copy RegularUserRole.AccessLevel to RegularUser.AccessLevel, and away we go.

If the user has more than one defined role, I will display a pick list of these roles, and the role picked will be copied to RegularUser.AccessLevel.

AwareIM should then display to appropriate visual perspective.

Am I missing something here, or does that sound valid?
customaware
Posts: 2392
Joined: Mon Jul 02, 2012 12:24 am
Location: Ulaanbaatar, Mongolia

Re: Can a user have multiple access levels?

Post by customaware »

I am only guessing so it would be interesting to know.... but I would suspect Aware will lock in the Access Level upon login so changing it mid app might cause issues. Have never tried it.
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
Image
ask180
Posts: 160
Joined: Thu Oct 04, 2012 11:40 pm

Re: Can a user have multiple access levels?

Post by ask180 »

Mark, you were right. You can't override the access level.

I will give it some more thought. I still want to use AwareIM for this project.
tford
Posts: 4238
Joined: Sat Mar 10, 2007 6:44 pm

Re: Can a user have multiple access levels?

Post by tford »

Steve,

Here is another twist on Mark's permissions picture that might be feasible for you.

You could define instances of RegularUserRoles for each RegularUser & give each instance a name ... similar to an AccessLevel, but not using AwareIM's AccessLevel attribute. Each instance of RegularUserRoles could contain a series of switches like Mark's picture. The user would be presented with an "AccessLevel" name (from their instances of RegularUserRoles). When the instance is selected, the values in all of the switches would be copied over to LoggedInRegularUser & be active throughout their session.

When they log in next time, the system could show their current "AccessLevel" settings & might not require the user to make a selection if they don't want to change to another instance of RegularUserRoles settings.
Tom - V8.8 build 3137 - MySql / PostGres
hpl123
Posts: 2579
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: Can a user have multiple access levels?

Post by hpl123 »

It IS possible to change access level when using a app i.e when logged in and I do this in a couple of scenarios. You do however have to reload the browser for the new VP to show (for the new access level) and I ASSUME access level restrictions (set in config tool) do apply when a user has reloaded the browser but I am not sure as I haven´t tested it.
Henrik (V8 Developer Ed. - Windows)
ask180
Posts: 160
Joined: Thu Oct 04, 2012 11:40 pm

Re: Can a user have multiple access levels?

Post by ask180 »

I will test that last option. And thanks Tom for your suggestion. The concern I have with setting the switches is that the user can view the source in the browser and change the switch settings which compromises security. Does that sound right, or am I misunderstanding something?
Post Reply