Databases Reference
In-Depth Information
Figure 9-30.
Doub-click the Admin tab to edit its properties
36.
Under
Authorization
, set
Authorization Scheme
to
access control - administrator
, and
click
Apply Changes
.
Now, when running the application, if the user isn't privileged with administrator access, the tab doesn't display.
This avoids the event that would cause the user to see the access-denied error message.
You've applied the authorization scheme at the page level and tab level for the administration pages. Next, let's
remove the ability for a view-only user to create new records by associating the Edit authorization scheme with the
button required to create tickets:
37.
Edit
Page 200
of the application.
38.
Edit the
Create
button by double-clicking its name.
39.
In the
Security
region, shown in Figure
9-31
, set
Authorization Scheme
to
access
control - edit
, and click
Apply Changes
.
Figure 9-31.
Security setting for the buttons
40.
Repeat steps
38
and
39
for the
Manage Multiple Tickets
button.
To test this change, log in with the username Martin. This user has been granted view privileges, so the buttons
on page 200 aren't shown. Does this mean that Martin can't create tickets?
Let's review the steps you applied to the Admin pages. Security was first applied to the page itself, and then
additional security was applied to prevent the access-denied error. In the case of the buttons to create tickets, security
to remove the buttons doesn't prevent the page from being run directly either from the Application Builder or by
changing the page number in the URL to 210 or 230.
