Permissions and Relate
Relate and Security
Relate inherits its permission capabilities from the BlueStep platform. Namely, groups or individuals can be granted various permission levels, or roles, to different pieces of data throughout the system. However, Relate is also unique in many ways with regard to permissions. Below are some of the highlights:
Security and Relate
Access to Relate is controlled by security, but Relate also defines and controls many aspects of security and authentication. A user account in the BlueStep system is actually a Relate record. The "Individual" record type, the "User" category and the "Online Profile" form define a user account. Since a user account is a Relate record, additional categories and forms can be added to the account and viewed and edited in the "My Account" area of the BlueStep platform. Also, any data attached to an account can be used to control security group membership using special dynamic security groups. With dynamic security groups, any information associated with a user account via Relate can be used to define security group membership rules. These security group rules may be as simple as "if the box is checked, you're in the group" or more complex, bordering-on-insanity rules like "You must have an active RN credential recorded and have logged at least 35 hours on your time card in one of the last two pay periods." You can guess which side of the border such a rule is on.

Exercise 1: Permission Levels
Get access to a non-administrative account. You may want to create a test account for this purpose. On each type of Relate element, assign different permission levels to your test user. Use the "Temporary Login" feature found on the "Tools" menu to quickly switch between your test account and administrative account. Optionally, you may want to log in using two different sessions (use two different browsers, such as Internet Explorer and Firefox, or access BlueStep using two different domains of the same organization). Test each permission level to see how it affects what the test account sees.

Exercise 2: Dynamic Groups
Use the same test account as in Exercise 1. Figure out how an existing dynamic security group is configured, or create your own dynamic security group. See if you can make your test user a member of the group and remove them from the group. You can see what security groups a user account is a member of using the "User Lookup" tool found in the organization administration site and unit administration sites. Grant access for your dynamic security group to various Relate elements and check out the change from the test user's perspective. For an advanced exercise, try out the unit security settings on the security group. Move a Relate record from unit to unit and change the unit security settings while observing the effect on the test user's access level. For extra credit, you may want to try making the user part of multiple groups and explore the complex interactions that are possible with multiple groups and multiple Relate elements, each with differing permissions, displayed together on a page.

Exercise 3: Special Security Groups
Try using the "Relate Self" and "Relate Creator" security groups. You will need multiple test accounts to test the Relate Creator group. See how Relate Self security affects anonymous users during account sign-up.
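
The two dynamic security group rules quoted under "Security and Relate", modelled as an added JavaScript example (not BlueStep code and not its API). The record shape, field names and group names are assumptions made for illustration; it shows group membership following whatever data is on the account.

```javascript
// Illustrative model only: field names, record shape and group names are
// assumptions, not BlueStep's data model or API.

// Rule 1 from the text: "if the box is checked, you're in the group".
function checkboxRule(account) {
  return account.optInBox === true; // strict: "yes" or 1 do not count
}

// Rule 2 from the text: an active RN credential AND at least 35 hours
// logged in one of the last two pay periods.
function activeRnRule(account, today) {
  const hasActiveRn = (account.credentials || []).some(
    (c) => c.type === "RN" && c.expires >= today // ISO dates sort as strings
  );
  // payPeriods is ordered oldest to newest; only the last two count.
  const recent = (account.payPeriods || []).slice(-2);
  return hasActiveRn && recent.some((p) => p.hours >= 35);
}

// In this model, membership is derived from the account's current data.
function dynamicGroups(account, today) {
  const rules = { "Box Checked": checkboxRule, "Active RNs": activeRnRule };
  return Object.keys(rules).filter((name) => rules[name](account, today));
}

// Constructed sample accounts.
const TODAY = "2024-06-15";
const nurse = {
  optInBox: false,
  credentials: [{ type: "RN", expires: "2025-01-31" }],
  payPeriods: [{ hours: 40 }, { hours: 12 }, { hours: 36 }],
};
const lapsed = { // enough hours, but the credential has expired
  optInBox: true,
  credentials: [{ type: "RN", expires: "2024-05-31" }],
  payPeriods: [{ hours: 40 }, { hours: 40 }],
};
const idle = { // the 40-hour period is three periods back, so it is ignored
  optInBox: false,
  credentials: [{ type: "RN", expires: "2025-01-31" }],
  payPeriods: [{ hours: 40 }, { hours: 20 }, { hours: 34.5 }],
};

for (const [name, acct] of Object.entries({ nurse, lapsed, idle })) {
  console.log(name, dynamicGroups(acct, TODAY));
}
```

Adding a 35-hour pay period to the `idle` account puts it in "Active RNs" on the next evaluation, which is the effect Exercise 2 asks you to observe with a test user.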