An In-Depth Look at the Anatomy of End-User Permissions in OutSystems

As an OutSystems developer, I bet you already know how to grant and revoke end-user permissions, right? You also know this can be done by accessing the Users Application and associating roles and groups for end-users or by specific server actions in code. But have you ever been curious about how OutSystems handles it in the database and which entities hold the data related to users' permissions? 

In this article, I will go through the system entities related to end-user permissions and explain each of them briefly.

 

The Data Model

The image below illustrates the data model we will discuss, and I will briefly explain each entity.

Image 1 – Permissions-related data model

Role Entity

The Role entity holds all the roles created in the OutSystems platform and has a Foreign Key to identify the module to which the Role belongs.

Image 2 – Role Entity

There is also a property named Persistent (boolean) that follows this rule:

  • If Persistent is set to TRUE, granting or revoking the Role at runtime is stored in the database and kept between login sessions.

  • If Persistent is set to FALSE, granting or revoking the Role at runtime is not stored in the database and lasts only for a single session.

Group-related Entities

Three entities are related to Groups and their permissions: Group, Group_User, and Group_Role.

Image 4 – Groups permissions-related Entities

The Group entity holds all the groups created in the OutSystems platform. There is also a property named Has_Custom_Management (Boolean) that follows this rule:

  • If Has_Custom_Management is set to TRUE, the Group will be managed by yourself and will no longer be visible in the Users application.

  • If Has_Custom_Management is set to FALSE, OutSystems will manage the Group, and it will be visible in the Users application.

Additionally, the Group_Role entity holds all the Roles the Group is associated with, and the Group_User entity holds the Users that belong to that Group.

End-user Permissions-related Entities

There are two entities related to end-user permissions: User_Role and User_Effective_Role.

Image 4 – End-user permissions-related Entities

These two entities are similar, and they both hold the Roles of a User, but there is a slight difference between them:

The User_Role entity holds the Roles that are directly associated with a User. It doesn’t contain the roles given by the groups.

The User_Effective_Role entity is actually a metamodel view that gives us all the Roles associated with a user, either given directly or by a Group the user belongs to. You can’t add, update, or delete data from this entity.

So, if you want to check manually if a User has a specific Role, don’t look at User_Role because it might not be there. Instead, look at User_Effective_Role.
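The difference between the two entities can be reproduced with a small model. This is an added example, not OutSystems code: the SQLite tables, the column names (Id, Name, User_Id, Role_Id, Group_Id), the sample rows and the helper functions are all constructed for illustration and are not the platform's physical schema.

```python
import sqlite3

# Constructed miniature of the entities described above. Table and column
# names are assumptions for illustration, not the platform's physical schema.
SCHEMA = """
CREATE TABLE Role(Id INTEGER PRIMARY KEY, Name TEXT);
CREATE TABLE User_Role(User_Id INTEGER, Role_Id INTEGER);
CREATE TABLE Group_User(Group_Id INTEGER, User_Id INTEGER);
CREATE TABLE Group_Role(Group_Id INTEGER, Role_Id INTEGER);
-- Read-only view: direct grants plus grants inherited through Groups.
CREATE VIEW User_Effective_Role AS
  SELECT User_Id, Role_Id FROM User_Role
  UNION
  SELECT gu.User_Id, gr.Role_Id
  FROM Group_User gu JOIN Group_Role gr ON gr.Group_Id = gu.Group_Id;
"""

def build_db():
    """Create the in-memory model and load constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO Role VALUES (?, ?)", [(1, "Clerk"), (2, "Approver")])
    # User 10 holds Clerk directly, user 11 holds Approver directly.
    db.executemany("INSERT INTO User_Role VALUES (?, ?)", [(10, 1), (11, 2)])
    # Group 100 carries Approver and contains users 10 and 12.
    db.executemany("INSERT INTO Group_User VALUES (?, ?)", [(100, 10), (100, 12)])
    db.executemany("INSERT INTO Group_Role VALUES (?, ?)", [(100, 2)])
    return db

def users_with_role(db, role_name, source):
    """Return sorted user ids holding role_name according to one entity."""
    if source not in ("User_Role", "User_Effective_Role"):
        raise ValueError("source must be User_Role or User_Effective_Role")
    rows = db.execute(
        f"SELECT s.User_Id FROM {source} s JOIN Role r ON r.Id = s.Role_Id "
        "WHERE r.Name = ? ORDER BY s.User_Id", (role_name,))
    return [row[0] for row in rows]

def group_only_holders(db, role_name):
    """Users who hold the Role solely through a Group (absent from User_Role)."""
    direct = set(users_with_role(db, role_name, "User_Role"))
    effective = users_with_role(db, role_name, "User_Effective_Role")
    return [user for user in effective if user not in direct]

if __name__ == "__main__":
    db = build_db()
    print("direct:    ", users_with_role(db, "Approver", "User_Role"))
    print("effective: ", users_with_role(db, "Approver", "User_Effective_Role"))
    print("group-only:", group_only_holders(db, "Approver"))
```

An access review that reads only User_Role would miss the group-only holders listed by the last function. Grants of non-persistent Roles are, as described earlier, not stored in the database, so they appear in neither query.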

Wrapping up

That is all, folks! My goal with this article was to clarify the permissions-related entities and how the data is stored in the database. I also wanted to highlight the differences between the User_Role and User_Effective_Role entities because, from my point of view, this is an essential topic if you want to build a profile manager yourself or check whether the data is stored correctly in the database.

If you want to learn more about Roles and Groups in the OutSystems Platform, this great article in the OutSystems documentation explains them in detail: Manage End Users and Organize Roles using Groups.
