Jump to content
  • 0

Restrict Datpage access by role


vidierre
 Share

Question

My app uses CASPIO authentication and  have students and techers roles.  With roles I can restrict which records are displayed and I can handle hide/display datapages in menu.

But if someone with students role type directly into his browser the URL of a datapage that he does not have in his menu he can access! I presume that there isn't a native CASPIO function to do this, it can be done with javascript?

I read:

It seems that with CASPIO i can handle the users authentication, but there is no chance to handle their authorizations. Once authenticated, users knowing the right url can access everywhere....
It is correct or there is a way to forbid the datapage access to some authenticated users?

Link to comment
Share on other sites

2 answers to this question

Recommended Posts

  • 0

Hi @innov2e

To answer your qeustion: It is correct or there is a way to forbid the datapage access to some authenticated users?
Yes, there is a way to do this. You can simply create different authentications based on user roles.

image.png.cde323db16e3b252d8e1d6ec48dc0683.png
After you could use one of these authentications for your DataPage.
If you want some DataPages to be restricted only to Students, then you can create DataPage with Students only Authentications.

Also you can follow this video which might be very useful to you:
https://www.caspio.com/blog/video-how-to-create-user-roles-and-permissions-in-your-caspio-apps/

Link to comment
Share on other sites

  • 0
20 hours ago, RagnarIllyrian said:

Hi @innov2e

To answer your qeustion: It is correct or there is a way to forbid the datapage access to some authenticated users?
Yes, there is a way to do this. You can simply create different authentications based on user roles.

image.png.cde323db16e3b252d8e1d6ec48dc0683.png
After you could use one of these authentications for your DataPage.
If you want some DataPages to be restricted only to Students, then you can create DataPage with Students only Authentications.

Also you can follow this video which might be very useful to you:
https://www.caspio.com/blog/video-how-to-create-user-roles-and-permissions-in-your-caspio-apps/

hi @RagnarIllyrian, I tryed, but it seams an unpleasant workaround because (using you roles) Managers that need to access also to All_user datapage need to autenticate twice....
From a security prespective is a workarond because you are using multiple accesses instead of authorization mechanism. Reading and looking for a solution, my feeling is that Caspio has not a native support of authorizations except for Enterprise plans that allow to rely on external AD or LDAP.  I read some requiring to extend such features to all plans and this shoul be done because it a very big lack of this exceptional platform.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...