Database Reference
In-Depth Information
Figure 9-30.
Doub-click the Admin tab to edit its properties
36. Under
Authorization
, set
Authorization Scheme
to
access control
- administrator
, and click
Apply Changes
.
Now, when running the application, if the user isn't privileged with administrator
access, the tab doesn't display. This avoids the event that would cause the user to see
the access-denied error message.
You've applied the authorization scheme at the page level and tab level for the ad-
ministration pages. Next, let's remove the ability for a view-only user to create new re-
cords by associating the Edit authorization scheme with the button required to create
tickets:
37. Edit
Page 200
of the application.
38. Edit the
Create
button by double-clicking its name.
39. In the
Security
region, shown in
Figure 9-31
, set
Authorization
Scheme
to
access control - edit
, and click
Apply Changes
.
Figure 9-31.
Security setting for the buttons
40. Repeat steps
38
and
39
for the
Manage Multiple Tickets
button.
To test this change, log in with the username Martin. This user has been granted
view privileges, so the buttons on page 200 aren't shown. Does this mean that Martin
can't create tickets?
Let's review the steps you applied to the Admin pages. Security was first applied to
the page itself, and then additional security was applied to prevent the access-denied
error. In the case of the buttons to create tickets, security to remove the buttons doesn't
prevent the page from being run directly either from the Application Builder or by
changing the page number in the URL to 210 or 230.
