33. Repeat steps 31 and 32 for pages 600 and 610.
Now that the authorization scheme has been implemented on the administration
pages, you can test the security behavior. Only a user set up with the Administrator role
on the access-control page can use the Admin pages 600 through 620.
Log in to the application as the user Scott, and you can navigate all the
administration functions. Logging in as any other user and clicking the Admin
parent tab results in the message shown in Figure 9-29.
Figure 9-29. Error message generated when the authorization scheme returns a denied result
The error message in Figure 9-29 isn't very friendly. An application should make
every effort to avoid the type of event that would cause a privilege error. In this
application, the Admin tab should be removed from the page when the user doesn't
meet the access restrictions. You accomplish this by applying the same
authorization scheme to the tab itself:
34. Edit Page 600 in the application.
35. Expand the Parent Tabs node in the Shared Components region, and
double-click Admin as shown in Figure 9-30.