NShape Concepts
Security

<< Click to Display Table of Contents >>

Navigation:  Concepts >

NShape Concepts
Security

Previous pageReturn to chapter overviewNext page

NShape has a built in security system that can restrict the end user's access to the framework's functionality. The basic concept relies on attributes set for restricted properties and commands that require certain permissions. As the security concept is meant for end users, not for the application developer, the setters of properties are not affected by the security system. Your code can manipulate all NShape objects without any restrictions.

 

NShape is shipped with a default ISecurityManager implementation, the RoleBasedSecurityManager. You are free to implement your own access restriction system but for most scenarios, the built in solution should be sufficient. So let's have a closer look.

As the name says, the role based security manager relies on roles for the users. Your application can assign these roles hard coded or dependent on the user's password, just as you need. The point is, that you are able to define a set of permissions for each user role. E.g. a supervisor user would typically have (more or less) full access to the editing capabilities whereas a designer user typically can modify the diagram's appearance but may not delete or insert shapes. An operator user would typically be able to load and view diagrams but may not modify the diagrams.

In order to archive a higher level of customizability, you can create up to 26 different sets of access restrictions for each user role. These subsets are called security domain and are identified by an uppercase letter from A to Z.

Each class implementing ISecurityDomainObject (typically shapes and diagrams) can be assigned to such a security domain. This way, you can limit access to certain shapes (e.g. shapes created by your application, shapes representing a wiring scheme, etc) while enabling the user to modify other shapes (e.g. annotation text shapes added by another user or the 'cable' shapes of a wiring scheme).        

The required permissions can be sorted into categories which represent the basic actions users can perform. There are general permissions that stick to the user's role and domain specific permissions that belong only to a certain security domain.

General Permissions:

Name

Description

Design

 

ModifyPermissionSet

Same as Security.

Obsolete in NShape 2.0

Security

Assign a security domain any ISecurityDomainObject. This permission is security domain independent.

Available only in NShape 2.0

Templates

Edit, insert and delete templates. This permission is security domain independent.

Domain Specific Permissions:

Name

Description

Connect

Connect or disconnect shapes. This permission depends on the active shape of the connection.

Data

Modify data properties. This permission depends on the ISecurityDomainObject to modify.

Available only in NShape 2.0

Delete

Remove shape from diagram. This permission depends on the ISecurityDomainObject to remove.

Insert

Insert shape into diagram. This permission depends on the ISecurityDomainObject to insert.

Layout

Modify position, size, rotation or z-order of shapes. This permission depends on the shape to modify.

ModifyData

Same as Data.

Obsolete in NShape 2.0

Present

Modify the appearance of the shape (color, line thickness etc.) and assign another style. This permission depends on the shape to modify.

 

Since NShape 2.0, you can specify whether a restricted property is only readable or not accessible at all through SecurityAccess:
Granting a permission with the option SecurityAccess.Modify, the property can be modified as usual. Granting a property with the option SecurityAccess.View, the property will be shown in the property editor but it cannot be modified.

 

See Also

ISecurityManager Interface

ISecurityDomainObject Interface

RequiredPermissionAttribute Class

Permission Enum

SecurityAccess Enum

RoleBasedSecurityManager Class