Studio provides a visual designer for editing resource roles settings and role permissions at design time.
To create a new resource role, use the menu in Jmix Tool Window.
Enter a role name and its code in the appeared dialog.
Role Designer is integrated with the code editor that is available on the Text tab. You can edit the source code directly or use the Designer’s controls to generate the code.
The Definition tab defines basic role attributes.
Role code is used when assigning the role to users, therefore it should not be changed after the role has been already assigned to some users.
On the User Interface tab, you can define permissions for menu items and screens.
The tree on the left displays the structure of the main menu, both project-defined screens and inherited screens from the framework and add-ons. The All Screens group displays all remaining application screens that are not directly available through the main menu. You can find the necessary screen with the help of the search field located above the tree.
All menu items and screens are denied by default. By choosing the item on the left and selecting Allow on the right side of the panel, you will add permission to open the corresponding menu item or screen.
Use the toolbar above the tree to expand or collapse its nodes. The gear button toggles displaying screens and menu items that don’t have permissions specified.
The Allow all screens checkbox is useful when you want to grant access to all screens or deny only a few.
On the Entities tab, you can define CRUD permissions for entities and entity attributes.
The table on the left side of the panel displays entities defined in the project as well as entities inherited from the framework and add-ons. The entity list can be filtered by name with the help of the search field located above the table.
A toolbar above the entities contains the following actions:
Current project only - toggles displaying inherited entities.
Assigned only - toggles showing entities that don’t have permissions.
All entity operations are denied by default. Using checkboxes in the table, you can allow particular operations for the selected entity.
The table on the right displays attribute permissions for the selected entity. All entity attributes are denied to view and modify by default. By selecting the View and Modify checkboxes, you can set the necessary access level for the selected attribute.
The wildcard [*] option in the attributes' table allows you to mark all attributes as available to View or Modify, including those attributes that will be added to the selected entity in the future.
The Allow all checkbox in the entities' table permits all CRUD operations and allows Modify for all attributes, making the selected entity fully accessible for the current role.
On the Specific tab, you can define specific permissions.
The framework uses specific permissions to restrict access to various mechanisms. In the tree, you can see the permissions inherited from the framework and add-ons.
To add permission, use the plus button in the toolbar above the tree. In the Resource field, you should specify the name of the policy defined in your project. See how to create the specific policy in the Specific policy section.
All specific policies are denied by default. Select the policy in the tree and allow access in the right panel.