Databases Reference
In-Depth Information
Figure 9-28.
Setting the authorization scheme at a page level
33.
Repeat steps
31
and
32
for pages
600
and
610
.
Now that the authorization scheme has been implemented on the administration pages, you can test the security
behavior. Only a user set up with the Administrator role on the access-control page can use the Admin pages 600
through 620.
Log in to the application as the user Scott, and you can navigate all the administration functions. Logging in as
any other user and clicking the Admin parent tab results in the message shown in Figure
9-29
.
Figure 9-29.
Error message generated when the authorization scheme returns a denied result
The error message in Figure
9-29
isn't very friendly. An application should make every effort to avoid the type of
event that would cause a privilege error. In this application, the Admin tab should be removed from the page when it
doesn't meet the access restrictions. You accomplish this using the same authorization scheme applied to the tab itself:
34.
Edit
Page 600
in the application.
35.
Expand the
Parent Tabs
node in the
Shared Components
region, and double-click
Admin
as shown in Figure
9-30
.