Role Designer

Studio provides visual tools for creating resource and row-level roles at design time.

This feature requires a RAD or Enterprise subscription. If you don’t have the subscription, see how to get the trial version.

Resource Role Designer

To create a new resource role, use the menu in Jmix Tool Window.

role open

Enter a role name and its code in the appeared dialog.

role create

Resource Role Designer is integrated with the code editor that is available on the Text tab. You can edit the source code directly or use the Designer’s controls to generate the code.

The Definition tab defines basic role attributes.

role definition

Role code is used when assigning the role to users, therefore it should not be changed after the role has been already assigned to some users.

On the User Interface tab, you can define permissions for menu items and screens.

role user interface

The tree on the left displays the structure of the main menu, both project-defined screens and inherited screens from the framework and add-ons. The All Screens group displays all remaining application screens that are not directly available through the main menu. You can find the necessary screen with the help of the search field located above the tree.

All menu items and screens are denied by default. By choosing the item on the left and selecting Allow on the right side of the panel, you will add permission to open the corresponding menu item or screen.

Use the toolbar above the tree to expand or collapse its nodes. The gear button toggles displaying screens and menu items that don’t have permissions specified.

The Allow all screens checkbox is useful when you want to grant access to all screens or deny only a few.

On the Entities tab, you can define CRUD permissions for entities and entity attributes.

role entities

The table on the left side of the panel displays entities defined in the project as well as entities inherited from the framework and add-ons. The entity list can be filtered by name with the help of the search field located above the table.

A toolbar above the entities contains the following actions:

  • Current project only - toggles displaying inherited entities.

  • Assigned only - toggles showing entities that don’t have permissions.

All entity operations are denied by default. Using checkboxes in the table, you can allow particular operations for the selected entity.

The table on the right displays attribute permissions for the selected entity. All entity attributes are denied to view and modify by default. By selecting the View and Modify checkboxes, you can set the necessary access level for the selected attribute.

The wildcard [*] option in the attributes' table allows you to mark all attributes as available to View or Modify, including those attributes that will be added to the selected entity in the future.

The Allow all checkbox in the entities' table permits all CRUD operations and allows Modify for all attributes, making the selected entity fully accessible for the current role.

On the Specific tab, you can define specific permissions.

role specific

The framework uses specific permissions to restrict access to various mechanisms. In the tree, you can see the permissions inherited from the framework and add-ons.

To add permission, use the plus button in the toolbar above the tree. In the Resource field, you should specify the name of the policy defined in your project. See how to create the specific policy in the Specific policy section.

All specific policies are denied by default. Select the policy in the tree and allow access in the right panel.

Row-level Role Wizard

To create a new row-level role, click New → Row-level Role in the Jmix Tool Window.

row level role open

Enter role parameters in the appeared dialog.

row level role create

Role code is used when assigning the role to users, therefore it should not be changed after the role has been already assigned to some users.

Studio will create and open an annotated role interface. To add a JPQL policy, click Add Policy → JPQL Policy in the top actions panel:

add policy button

In the Add JPQL Policy dialog, specify the policy parameters:

add jpql policy

Click OK. A method defining the policy will be added to the role interface.

Similarly, to add a predicate policy, click Add Policy → Predicate Policy in the top actions panel. In the Add Predicate Policy dialog, specify an entity and select the actions for which the policy should be applied:

add predicate policy