11-16-2016 07:02 AM
Can someone confirm my understanding of the security model in M.App Enterprise is as follows:
A role does not contain any restrictions on data for a Desktop M.App, only which users are members of the role and which Apps the role has access to.
If I need to secure access to data in a Desktop M.App for different users I must create separate legends and separate Apps?
This is going to create an admin overhead to maintain multiple legends and apps for a large organisation with various groups of users and isn't very "enterprise" in design.
11-16-2016 08:17 AM
In fact it's the easiest and most maintainable way to deal with legends on different roles. (Even in an enterprise approach)
Here's an example:
A field worker has for sure other layers visible than a supervisor back in the office. And for sure they will have different Apps that they need for daily work. So it's natural that you end up with 2 legends & 2 apps.
In Smart Client you had the same thing but twice as complex. You had one big legend and then a complex claim management to reduce the actual layers based on the role. The biggest disadvantage was that you never saw the actual legend until you logged in the application with the correct role.
So I don't see any admin overhead at all...
11-17-2016 01:14 PM
Thanks Thomas for your reply. Does Smart Client support role inheritance (I believe via the "Groups" functionality) enabling an Administrator to create a "base" role that all users are members of (providing access to common datasets and functionality) and then users are assigned additional roles to provide additional access to data and functionality? This then provides an easy method for updating the data and functionality in the "base" role and all users inherit the changes.
If I understand the design of M.App Enterprise security there is no role inheritance?
11-18-2016 12:45 AM
I think that, in this way, if the manager wants to share bookmarks or redlines with the field worker, he cannot do that as they are using different applications. Are there any suggestions regarding this issue?
11-18-2016 01:12 AM
M.App Enterprise has been designed to make the administration as easy as possible. As Thomas said, in GMSC we had many options to set up the application and to create a different experience for different users and roles. But this was difficult to set up and sometimes even to understand (at least for non-advanced users).
Anyway the main reason to use such a solution was mainly because we can set up only one application; and to make it different we have the need to have inheritance, feature access level rights and so on.
In M.App Enterprise we are free to set up several different applications, rich clients, browser-based clients and in the future mobile apps. So I would think about the setup in a very different way than we are used to with GMSC; we have to change approach.
About redlining sharing: it is not really an issue, you can configure different legends with common layers.