Important
Removing or hiding a button, a tab, or another link doesn't secure the
target it was pointing at; it only helps reduce errors seen by users on components that
are already secure.
The design for the Help Desk application has the Manage Multiple Tickets page
only available to users with edit privileges, so the entire page is secured at the edit
level. The single-record view of a ticket continues to be visible to all authenticated
users, but without the buttons related to record manipulation:
41. Edit Page 210 of the application.
42. Edit the Create button in the Manage Tickets region by double-clicking its name.
43. In the Security region, set Authorization Scheme to access control - edit, and click Apply Changes.
44. Repeat steps 42 and 43 for the Delete and Save buttons as well as the second Create button located in the Ticket Details region.
45. Edit Page 220 of the application.
46. Edit the Create button by double-clicking its name.
47. In the Security region, set Authorization Scheme to access control - edit, and click Apply Changes.
48. Repeat steps 46 and 47 for the Delete and Save buttons.
49. Edit Page 230 of the application.
50. Edit the page attributes by double-clicking the page name.
51. In the Security region, set Authorization Scheme to access control - edit, and click Apply Changes.
Review the application now with different users. Notice how the user Martin can
still navigate from the Tickets report to view the details of the ticket, but there are no
buttons to modify the records in the database. Even though the form elements are editable,
they aren't written back to the database without the proper form submission.
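The settings from steps 41 to 51 can also be checked from SQL instead of clicking through each component. The query below is an added example, not part of the original text: it reads the APEX dictionary views and lists the authorization scheme on pages 210, 220 and 230, on their buttons, and on their page processes. The bind variable :APP_ID is a placeholder for the Help Desk application's ID, which this page does not give, and the column names are assumed to match your APEX release.

```sql
-- Added example: audit authorization schemes on the pages edited in steps 41-51.
-- :APP_ID is a placeholder for the Help Desk application ID (not given on this page).
-- Column names are assumed to match the APEX dictionary views of your release.
SELECT 'PAGE'                                AS component_type,
       p.page_id                             AS page_id,
       p.page_name                           AS component_name,
       NULL                                  AS region,
       NVL(p.authorization_scheme, '(none)') AS authorization_scheme
  FROM apex_application_pages p
 WHERE p.application_id = :APP_ID
   AND p.page_id IN (210, 220, 230)
UNION ALL
-- Buttons: steps 42-44 and 46-48 set the scheme on Create, Delete and Save.
SELECT 'BUTTON',
       b.page_id,
       b.button_name,
       b.region,
       NVL(b.authorization_scheme, '(none)')
  FROM apex_application_page_buttons b
 WHERE b.application_id = :APP_ID
   AND b.page_id IN (210, 220, 230)
UNION ALL
-- Processes: included because hiding a button does not secure what it submits to.
SELECT 'PROCESS',
       pr.page_id,
       pr.process_name,
       NULL,
       NVL(pr.authorization_scheme, '(none)')
  FROM apex_application_page_proc pr
 WHERE pr.application_id = :APP_ID
   AND pr.page_id IN (210, 220, 230)
 ORDER BY 2, 1, 3;
```

After the steps above, the PAGE row for 230 and the Create, Delete and Save BUTTON rows on pages 210 and 220 should show access control - edit. A PROCESS row showing (none) on a page whose PAGE row also shows (none) is not covered by an authorization scheme at either level.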