Database Reference
In-Depth Information
Important Removing or hiding a button, a tab, or another link doesn't secure the
target it was pointing at; it only helps reduce errors seen by users on components that
are already secure.
The design for the Help Desk application has the Manage Multiple Tickets page
only available to users with edit privileges, so the entire page is secured at the edit
level. The single-record view of a ticket continues to be visible to all authenticated
users, but without the buttons related to record manipulation:
41. Edit Page 210 of the application.
42. Edit the Create button in the Manage Tickets region by double-
clicking its name.
43. In the Security region, set Authorization Scheme to access con-
trol - edit , and click Apply Changes .
44. Repeat steps 42 and 43 for the Delete and Save buttons as well as
the second Create button located in the Ticket Details region.
45. Edit Page 220 of the application.
46. Edit the Create button by double-clicking its name.
47. In the Security region, set Authorization Scheme to access con-
trol - edit , and click Apply Changes .
48. Repeat steps 46 and 47 for the Delete and Save buttons.
49. Edit Page 230 of the application.
50. Edit the page attributes by double-clicking the page name.
51. In the Security region, set Authorization Scheme to access con-
trol - edit , and click Apply Changes .
Review the application now with different users. Notice how the user Martin can
still navigate from the Tickets report to view the details of the ticket, but there are no
buttons to modify the records in the database. Even though the form elements are edit-
able, they aren't written back to the database without the proper form submission.
Search WWH ::




Custom Search