Jump to content
  • 0

Restrict Datpage access by role

vidierre

Asked by vidierre,

 Share

Question

vidierre Enthusiast

vidierre

Posted
Posted

My app uses CASPIO authentication and  have students and techers roles.  With roles I can restrict which records are displayed and I can handle hide/display datapages in menu.

But if someone with students role type directly into his browser the URL of a datapage that he does not have in his menu he can access! I presume that there isn't a native CASPIO function to do this, it can be done with javascript?

I read:

It seems that with CASPIO i can handle the users authentication, but there is no chance to handle their authorizations. Once authenticated, users knowing the right url can access everywhere....
It is correct or there is a way to forbid the datapage access to some authenticated users?

Link to comment
Share on other sites

2 answers to this question

Recommended Posts

  • 0
Ilyrian Contributor

Ilyrian

Posted
Posted

Hi @innov2e

To answer your qeustion: It is correct or there is a way to forbid the datapage access to some authenticated users?
Yes, there is a way to do this. You can simply create different authentications based on user roles.
image.png.cde323db16e3b252d8e1d6ec48dc0683.png
After you could use one of these authentications for your DataPage.
If you want some DataPages to be restricted only to Students, then you can create DataPage with Students only Authentications.

Also you can follow this video which might be very useful to you:
https://www.caspio.com/blog/video-how-to-create-user-roles-and-permissions-in-your-caspio-apps/

Link to comment
Share on other sites
  • 0
vidierre Enthusiast

vidierre

Posted
  • Author
Posted
20 hours ago, RagnarIllyrian said:

Hi @innov2e

To answer your qeustion: It is correct or there is a way to forbid the datapage access to some authenticated users?
Yes, there is a way to do this. You can simply create different authentications based on user roles.
image.png.cde323db16e3b252d8e1d6ec48dc0683.png
After you could use one of these authentications for your DataPage.
If you want some DataPages to be restricted only to Students, then you can create DataPage with Students only Authentications.

Also you can follow this video which might be very useful to you:
https://www.caspio.com/blog/video-how-to-create-user-roles-and-permissions-in-your-caspio-apps/

hi @RagnarIllyrian, I tryed, but it seams an unpleasant workaround because (using you roles) Managers that need to access also to All_user datapage need to autenticate twice....
From a security prespective is a workarond because you are using multiple accesses instead of authorization mechanism. Reading and looking for a solution, my feeling is that Caspio has not a native support of authorizations except for Enterprise plans that allow to rely on external AD or LDAP.  I read some requiring to extend such features to all plans and this shoul be done because it a very big lack of this exceptional platform.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to question listing
×
×
  • Create New...