How to Add Role-Based Authorization


This article describes how to add security and role-based access to your portlet.

You can use the Security Framework tag library (visa) to control permissions on your portlet. The permissions can control:

  • Access to the portlet
  • Access to specific portlet actions
  • What is displayed on the portlet

Every portlet is part of a security domain, as defined in WEB-INF/viewpoint-portlet.xml. You can set domain or instance-level permissions for your portlet. These are explained in further detail below.

Control Access to the Portlet

You can control access to the entire portlet by wrapping your portlet content in a check based on the <vs:isGranted> tag. If no permission is specified, the check defaults to the ENABLE domain permission:

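<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="vs" uri="" %>

<vs:isGranted domain="SecureHelloPortlet" var="isAuthorized" />
<c:choose>
  <c:when test="${isAuthorized}">
    <jsp:include page="summary-content.jsp" />
  </c:when>
  <c:otherwise>
    <vs:message key="portlet_not_authorized" />
  </c:otherwise>
</c:choose>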

Control Access to Specific Portlet Actions

At times, you might want to restrict a certain set of portlet functions. This can be achieved by setting 'Domain' or 'Object' level permissions.

Domain-level permissions act on the whole domain. For example, in the Calendar portlet, the CREATE_EVENT permission allows the user to create events for the Calendar:

<domain name="Calendar">
  <permission scope="domain" name="CREATE_EVENT" description="If granted, the user can create a new event" />
</domain>

Instance-level permissions (also known as resource/object level) allow you to set permissions on certain objects. For example, in the System Health portlet, the VIEW_DETAIL permission controls whether the user can drill down into system details:

<domain name="SystemHealth">
  <!-- Resource level permissions -->
  <permission scope="resource" name="VIEW_DETAIL" description="If granted, the user can view the detail info (drill down) for a particular system" />
</domain>

NOTE: The permissions declared here determine the set of permissions that an Administrator can enable or disable per role, from within the Administration portlets (Roles Manager, the Permissions tab).
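A consistency check for the declarations above, as an added example that is not part of the original article or the Viewpoint tooling: it lists the domains and permissions declared in the descriptor and reports every <vs:isGranted> tag whose domain attribute names a domain that was never declared. The descriptor and JSP text are constructed samples, and the <portlet-security> root element is a hypothetical wrapper used only so the two fragments parse as one document.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the article's two <domain> declarations inside a
# hypothetical <portlet-security> root (the real root element is not shown).
DESCRIPTOR = """<portlet-security>
  <domain name="Calendar">
    <permission scope="domain" name="CREATE_EVENT" description="create events" />
  </domain>
  <domain name="SystemHealth">
    <permission scope="resource" name="VIEW_DETAIL" description="drill down" />
  </domain>
</portlet-security>"""

# Constructed JSP sources; the second one misspells the domain name.
JSPS = {
    "calendar.jsp": '<vs:isGranted domain="Calendar" var="isAuthorized" />',
    "health.jsp": '<vs:isGranted var="ok" domain="SystemHelth" />',
}

TAG = re.compile(r"<vs:isGranted\b([^>]*)>")
DOMAIN_ATTR = re.compile(r"""\bdomain\s*=\s*["']([^"']*)["']""")


def declared_permissions(descriptor_xml):
    """Map each declared domain name to {permission name: scope}."""
    root = ET.fromstring(descriptor_xml)
    return {
        d.get("name"): {p.get("name"): p.get("scope") for p in d.iter("permission")}
        for d in root.iter("domain")
    }


def undeclared_domain_checks(jsps, declared):
    """Return (file, line, domain) for isGranted tags naming an undeclared domain.

    A tag with no domain attribute is reported with domain None for manual review.
    """
    findings = []
    for path, source in sorted(jsps.items()):
        for tag in TAG.finditer(source):
            m = DOMAIN_ATTR.search(tag.group(1))
            domain = m.group(1) if m else None
            if domain not in declared:
                line = source.count("\n", 0, tag.start()) + 1
                findings.append((path, line, domain))
    return findings


if __name__ == "__main__":
    declared = declared_permissions(DESCRIPTOR)
    for path, line, domain in undeclared_domain_checks(JSPS, declared):
        print(f"{path}:{line}: isGranted uses undeclared domain {domain!r}")
```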

Role-Based Access to Content in a Portlet

As the name implies, this lets you display sections of your portlet only to users within a given role:

<%@ taglib prefix="vs" uri="" %>

Hello, World. <br />

<vs:isUserInRole role="Administrator">
  My, aren't you special!
</vs:isUserInRole>


Refer to VISA Overview for an overview of the Security Framework.
