Professional Documents
Culture Documents
5.2. Users and Permissions - en-US
5.2. Users and Permissions - en-US
Table of Contents
Outline................................................................................................................................. 2
Scenario 2
How to..................................................................................................................................4
Creating the HR Manager Role 4
Hiding Screens 5
Testing 7
Employee Vacations Screen 8
Fetching Employee Leaves 9
Creating the Interface 11
Checking Permissions in the Vacations App 15
Creating the Role and Restricting Access to the Screens 15
Hiding Menu Elements 16
Grant the Role to Your User 20
Changing Settings in ODC Portal 21
Employee Manager Permissions 23
Updating the CheckPermissions Action 28
Checking Permissions in the Menu 30
Testing in the Browser 32
Wrapping up......................................................................................................................35
knowledge@outsystems.com © 2022 by OutSystems. All rights reserved. OutSystems is a registered trademark of OutSystems. The information contained
herein is subject to change without notice. All terms and conditions for OutSystems products and services are set forth in the
www.outsystems.com agreements accompanying such products and services. Nothing herein should be construed as constituting an additional
warranty. OutSystems shall not be liable for technical or editorial errors or omissions contained herein.
Outline
In this exercise, you'll create a new Role for the HR Manager on your apps. This role will
help you to:
● restrict the access to the Projects Screen in the Directory app to users that have
the HR Manager role.
● restrict the access to the Employee Vacations Screen in the Directory app to
users that have the HRManager role.
This Employee Vacations Screen does not exist yet, so you will create it in this exercise.
This Screen will display all employees with their pre-scheduled vacation days, plus the
remaining vacation days they have.
Besides that, you will also check if a user is a manager of another employee in the
Vacations app, and hide the menu entries for the Pending Requests and Delegate
Screens to users that are managers of other employees.
In the end, you'll have a Menu whose entries are visible (or not) depending on a user's
Role.
Scenario
When you installed the Directory app, it already came with the Directory Role. To access
the Directory app's Screens, any user must have this Role; otherwise, they don't get
www.outsystems.com • knowledge@outsystems.com 2
access. Now, you'll add a new Role — HRManager — and you'll use it to restrict access
to the app's Projects area.
Then, on the Vacations app, you'll create a new Screen called EmployeeVacations. This
Screen will display the number of scheduled and remaining vacation days for all
employees and it will look like the following screenshot:
Also, you want to customize the Vacations app's Menu to hide the option to access this
new Screen from users that are not HRManagers. You'll also create the HRManager
Role in the Vacations app, then you will build a Data Action and use the built-in Check
Role Action to check if the user has the right permissions to see the menu option.
Finally, you'll follow a similar approach, but this time to check whether an employee
manages another employee. If a user is a manager of another employee, then they
should see the Pending Requests and Delegate functionality in the Menu, otherwise,
they can't see these menu options. So you'll need a Server Action to perform that
verification and use it in the Data Action already created.
www.outsystems.com • knowledge@outsystems.com 3
How to
Now that you know the scenario, let's implement it by following this how-to guide!
1) Open ODC Studio, log in, and open the Directory App by double-clicking on it.
www.outsystems.com • knowledge@outsystems.com 4
Hiding Screens
That was fast! Now, you will use the HRManager Role to restrict access to the Projects
and ProjectDetail Screens and to hide the Project menu entry to users who don't have
the HRManager Role.
1) Change the Projects Screen permissions to only authorize users with the
HRManager Role.
2) Do the same for the ProjectDetail Screen. Now, let's work on the Menu!
3) Open the Menu Block in the Common flow and open the Widget tree to help
you complete the next steps.
www.outsystems.com • knowledge@outsystems.com 5
4) Enclose the third Link (the one with the Projects Screen) in an If.
Note: Here, you are using the CheckRole Client Action, which is quite new and
was introduced in OutSystems Developer Cloud (ODC). However, don't forget
that this is a client-side verification.
www.outsystems.com • knowledge@outsystems.com 6
Testing
Time to test the access to the Screens and menu option.
2) Try to open the Projects Screen by adding /Projects to the end of the URL.
You should not be able to access the Screen, since you don't have the
HRManager role assigned to your user.
www.outsystems.com • knowledge@outsystems.com 7
Employee Vacations Screen
In this section, we will work on the Vacations app. You will start by creating a new
Screen to display the employees and how many vacation days they have left.
www.outsystems.com • knowledge@outsystems.com 8
4) Add a space between the two words in the Link's Text (Employees Vacations).
www.outsystems.com • knowledge@outsystems.com 9
2) Add the Employee and the EmployeeLeave Entities as the Aggregate sources.
Note: The attribute may be hidden, so make sure you make it visible in the
Aggregate's preview.
www.outsystems.com • knowledge@outsystems.com 10
5) Then, group by the Name attribute of the Employee Entity.
www.outsystems.com • knowledge@outsystems.com 11
2) Rename the Header of the Count column to Days Scheduled .
So far, we have the employee's name and the vacation days scheduled. Now, we
want to calculate and display the remaining days.
3) Add a new column to the table, right after the Name column.
The remaining days can be simply calculated by subtracting the scheduled days
from the maximum number of vacation days an employee can schedule in a
year.
www.outsystems.com • knowledge@outsystems.com 12
You might be wondering: Where do the max vacation days come from? It's
simple; it comes from a Setting.
Since Settings cannot be accessed by Screens, you will need to create a Data
Action to get the maximum number of days.
www.outsystems.com • knowledge@outsystems.com 13
6) Set the Name of its Output Parameter to Days and set the Data Type to
Integer.
7) Drag an Assign to the Flow and set the Days Output Parameter as the
VacationsDays stored in the Settings.
www.outsystems.com • knowledge@outsystems.com 14
9) Set its Value to GetMaxDays.Days - GetEmployeeLeaves.List.Current.Count
Since the Roles are not shared between apps, we need to create a Role with the same
name of the one existing in the Directory app - HRManager - in the Vacations app.
www.outsystems.com • knowledge@outsystems.com 15
2) In the Interface tab, select the EmployeeVacations Screen and make sure it is
only accessible to users with the HRManager Role.
Note: Don't forget to add the HRManager permissions to all other Screens of
the app.
www.outsystems.com • knowledge@outsystems.com 16
2) Set the Name of the Output Parameter to HasHRManagerRole and change the
Data Type to Boolean.
3) Let's start the implementation of the CheckPermissions Data Action. Drag the
CheckHRManagerRole Server Action, located under the Logic tab in the Roles
folder, to the flow of the Data Action.
www.outsystems.com • knowledge@outsystems.com 17
4) Add an Assign under the CheckHRManagerRole Action in the flow. Select the
HasHRManagerRole Output Parameter and assign it to the HasRole Output of
the CheckHRManagerRole Action.
Now that you have the Data Action checking if the user has the expected role,
it's time to apply the result to show or hide the Menu's UI.
5) Open the Menu Block and enclose the Link containing the EmployeeVacations
Screen in an If.
www.outsystems.com • knowledge@outsystems.com 18
6) Set the Name of the If to CheckIsHrManager and the Condition to be
CheckPermissions.HasHRManagerRole.
Here is what the Menu will look like for now in the Widget Tree:
Can you see the Employees Vacations link in the Menu? No? Why is that? You're
not an HR Manager! Let's take care of that!
www.outsystems.com • knowledge@outsystems.com 19
Grant the Role to Your User
1) Open the ODC Portal and grant the HRManager Role from the Directory and
the Vacations apps to your user.
2) Go to the Vacations app in the browser, then log out and log in again.
Note: You can also take this opportunity to test the Projects Screen in the
Directory browser (don't forget to login again).
www.outsystems.com • knowledge@outsystems.com 20
3) Open the Employee Vacations Screen and make sure everything works as
expected.
Note: In this example, each employee has 25 Vacation days. This number
comes from the VacationsDays Setting, and you can change it at design time in
ODC Studio or in ODC Portal.
www.outsystems.com • knowledge@outsystems.com 21
2) Expand the Settings area and click on the VacationsDays to edit it.
www.outsystems.com • knowledge@outsystems.com 22
4) Refresh the Employee Vacations Screen in the browser to see the changes.
This new Server Action will be a little bit different from the one to check the HRManager
Role, since we do not have an EmployeeManager Role. Therefore, you'll use a different
approach where you will query the Employee Entity that is referenced from the
Directory app.
www.outsystems.com • knowledge@outsystems.com 23
3) Add an Output Parameter named IsManager with Data Type set to Boolean.
4) Drag an Aggregate to the Action flow and select the Employee Entity as the
source.
We are only interested in the data regarding the user who is logged in, so let's
use a filter.
Employee.UserId = GetUserId()
www.outsystems.com • knowledge@outsystems.com 24
6) Go back to the Action flow and add another Aggregate under the previous one.
7) Select the Employee Entity as well as Source and add the following filter:
Employee.ManagerId = GetEmployeesByUserId.List.Current.Employee.Id
This time, we're interested in the Employees who have the user logged in
assigned as their Manager.
www.outsystems.com • knowledge@outsystems.com 25
8) Drag an Assign under the last Aggregate.
The value of the Output Parameter IsManager will depend on the List of
Employees returned by the GetEmployeesByManager Aggregate. If it is empty,
it means the user logged in is not a Manager. Following the same logic, if the
List is not empty, it means the user logged in is a Manager.
www.outsystems.com • knowledge@outsystems.com 26
The IsEmployeeManager Server Action should look like the one below:
www.outsystems.com • knowledge@outsystems.com 27
Updating the CheckPermissions Action
To finish the exercise, we want the Pending Requests and Delegate Screens to be visible
only for users who are Managers. So, you'll use the recently created Server Action that
checks if a user is a Manager inside the CheckPermissions Data Action in the Menu.
1) Expand the Common UI Flow, then open the CheckPermissions Data Action in
the Menu Block.
www.outsystems.com • knowledge@outsystems.com 28
3) Drag the IsEmployeeManager Server Action to the CheckPermissions flow,
right under the CheckHRManagerRole Action.
www.outsystems.com • knowledge@outsystems.com 29
The CheckPermissions Data Action should look like the one below:
www.outsystems.com • knowledge@outsystems.com 30
2) Enclose the Pending requests and Delegate Links in an If.
The Widget Tree should look like this after you're done:
www.outsystems.com • knowledge@outsystems.com 31
4) Publish the app to save the latest changes.
You should not be able to see the Pending requests and Delegate Screens.
Note: If during the previous exercises you have assigned your user as the
manager of another employee, you will see all the links and you can skip the
next steps.
2) Open the Directory app in the browser and click on the Employees Screen.
www.outsystems.com • knowledge@outsystems.com 32
3) Click on an employee's name to see the EmployeeDetail Screen.
www.outsystems.com • knowledge@outsystems.com 33
Now you should be able to see all the Links in the Menu!
www.outsystems.com • knowledge@outsystems.com 34
Wrapping up
Congratulations on finishing this tutorial, which is the last one for this course. With this
exercise, you had the chance to go through some essential aspects of OutSystems
Developer Cloud, such as deployments, users and permissions, and libraries, among
others. Now, just continue exploring and create your own apps using ODC!
www.outsystems.com • knowledge@outsystems.com 35