{"id":1258,"date":"2008-05-05T03:45:44","date_gmt":"2008-05-05T08:45:44","guid":{"rendered":"http:\/\/www.mrc-productivity.com\/docs\/?page_id=1258"},"modified":"2024-01-09T14:24:57","modified_gmt":"2024-01-09T20:24:57","slug":"setting-up-mrc-application-security-to-control-user-access","status":"publish","type":"ht_kb","link":"https:\/\/www.mrc-productivity.com\/docs\/knowledge-base\/setting-up-mrc-application-security-to-control-user-access","title":{"rendered":"Application Security &#8211; Locking Down your Applications"},"content":{"rendered":"\n<p class=\"wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon is-style-info\"><em>Click <a rel=\"noreferrer noopener\" href=\"https:\/\/www.mrc-productivity.com\/legacy\/security\/setting-up-mrc-application-security-to-control-user-access\" target=\"_blank\">here<\/a> to access the legacy version of this documentation.<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"overview\">Overview<\/h3>\n\n\n\n<p>Many developers utilize m-Power&#8217;s built-in Dictionary Security, which requires end-users to sign on before running any applications in the data dictionary. This means once a user signs in, they can execute <strong>any <\/strong>application inside of that dictionary. Depending on your environment, this level of security may be sufficient. <\/p>\n\n\n\n<p>However, if you need to take security a step further and lock down application access to certain user roles, this is where m-Power&#8217;s Application Security should be utilized.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"enabling-application-security\">Enabling Application Security<\/h3>\n\n\n\n<p>From the development interface, navigate to Admin -&gt; Menu &amp; Security. 
All Application Security options will be found here:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"\/docs\/vue-images\/mrcappsec01.png\" alt=\"\"\/><figcaption class=\"wp-element-caption\">Figure 1: Application Security &#8211; Off<\/figcaption><\/figure>\n<\/div>\n\n\n<p>To turn on Application Security, click the <strong>Toggle App Security<\/strong> button and ensure the padlock is locked:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"\/docs\/vue-images\/mrcappsec02.png\" alt=\"\"\/><figcaption class=\"wp-element-caption\">Figure 2: Application Security &#8211; On<\/figcaption><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"configuring-application-security\">Configuring Application Security<\/h3>\n\n\n\n<p>Application Security offers two configurations when it comes to locking down application access. Those options are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Option 1: <em>Secure All Applications<\/em> &#8211; This is the default configuration. With this option, all applications in the dictionary will be locked down and cannot be run until the application has been assigned to a role in the security list.<\/li>\n\n\n\n<li>Option 2: <em>Opt-in Applications<\/em> &#8211; This configuration allows all applications in the dictionary to be accessible with the exception of the applications added to the security list. 
The applications in the security list will only be accessible to the assigned roles.<\/li>\n<\/ul>\n\n\n\n<p>In your dictionary, the selected security option can be changed from the Admin -&gt; Dictionary Configuration -&gt; Runtime Application Settings -&gt; <strong>Application Security Mode <\/strong>property, as shown below:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"\/docs\/vue-images\/mrcappsec03.png\" alt=\"\"\/><figcaption class=\"wp-element-caption\">Figure 3. Property for Application Security Mode<\/figcaption><\/figure>\n\n\n\n<p>If this property is changed, make sure to restart Tomcat immediately.<\/p>\n\n\n\n<p class=\"wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon is-style-alert\">Regardless of the option selected, Dictionary Security <strong>must <\/strong>be enabled in order to utilize Application Security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"securing-applications\">Securing Applications<\/h3>\n\n\n\n<p>Assigning an application to the security list can be done from the <strong>Manage Application Security<\/strong> option (Admin -&gt; Menu &amp; Security). This screen appears as follows:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"\/docs\/vue-images\/mrcappsec04.png\" alt=\"\"\/><figcaption class=\"wp-element-caption\">Figure 4. Manage Application Security screen<\/figcaption><\/figure>\n\n\n\n<p>Notice in Figure 4, the selected security configuration will be shown at the top of the window in the blue badge. <\/p>\n\n\n\n<p>To assign an application to Application Security, simply click <strong>Create Security Rule<\/strong> and select the desired app to assign to a user role. 
<\/p>\n\n\n\n<p class=\"wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon is-style-info\">Creating user roles is done in m-Power&#8217;s built-in menu system, which is covered in detail <a href=\"\/docs\/knowledge-base\/end-user-menuing#managing-runtime-roles\">here<\/a>.<\/p>\n\n\n\n<p>Using Figure 4 as an example, there are a few applications assigned to different roles. Depending on the security configuration, this screen will be interpreted differently. <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If utilizing <em>Secure All Applications<\/em> (Option 1) only the sales users can run Retrieval 10 and Report 5. Only Admin users can run maintainer 10. All users can run Retrieval 1. Outside of this, <span style=\"text-decoration: underline;\">all other applications in this dictionary are locked down and cannot be run by any signed-in user unless the applications are assigned to a role.<\/span><\/li>\n\n\n\n<li>If utilizing <em>Opt-in Applications<\/em> (Option 2) only the sales users can run Retrieval 10 and Report 5. Only Admin users can run maintainer 10. All other applications in the dictionary are accessible by all signed-in users.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon is-style-success\">With <em>Opt-in Applications<\/em>, an application does not ever need to be assigned to the built-in role of &#8220;ALL USERS&#8221;, as this security option innately implies that all applications <strong>not <\/strong>specified within the security list are accessible to all signed-on end-users. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Runtime<\/h3>\n\n\n\n<p>When a user runs an application that their role has access to, the user will be brought to the application and see data as normal. 
If the user attempts to run an application their role does not have access to, the following error will be presented on the screen, informing them they do not have access to run this application.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"\/docs\/vue-images\/mrcappsec05.png\" alt=\"\"\/><figcaption class=\"wp-element-caption\">Figure 5. Application Security error message, informing the user they do not have application access.<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-notes\">Other Notes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Just like Dictionary Security, Application-Level Security is session-based. That means that every time you log on, the browser can remember who you signed on as, just as it will remember what applications you are allowed to access. <\/li>\n\n\n\n<li>Once you add the application to the App Security Listing and attempt to reload it, you will still not be allowed to run the application unless one of the following occurs:\n<ul class=\"wp-block-list\">\n<li>You manually sign out of the m-Power application and sign back in. <\/li>\n\n\n\n<li>You open a new browser session.<\/li>\n\n\n\n<li>Tomcat is restarted. <\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>For this reason, mrc recommends that you utilize Application Level Security only in production environments, where it is truly needed.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"promoting-to-production\">Promoting to Production<\/h3>\n\n\n\n<p>To promote your application security logic to production, promote the MrcAppSecurity.class and MrcAppSecurity.java files from the Promote to Production utility. Alternatively, you can find these files directly on the m-Power server in ..\/m-power\/mrcjava\/WEB-INF\/classes\/DATA_DICTIONARY_NAME\/ and manually copy them to your production installation. 
<\/p>\n\n\n\n<p>Be sure to restart production Tomcat after promoting these files.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview Many developers utilize m-Power&#8217;s built-in Dictionary Security, which requires end-users to sign on before running any applications in the data dictionary. This means once a user signs in, they can execute any application inside of that dictionary. Depending on your environment, this level of security may be sufficient. However&#8230;<\/p>\n","protected":false},"author":1,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"footnotes":""},"ht-kb-category":[257],"ht-kb-tag":[297],"class_list":["post-1258","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-security","ht_kb_tag-security"],"_links":{"self":[{"href":"https:\/\/www.mrc-productivity.com\/docs\/wp-json\/wp\/v2\/ht-kb\/1258","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mrc-productivity.com\/docs\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/www.mrc-productivity.com\/docs\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/docs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/docs\/wp-json\/wp\/v2\/comments?post=1258"}],"version-history":[{"count":37,"href":"https:\/\/www.mrc-productivity.com\/docs\/wp-json\/wp\/v2\/ht-kb\/1258\/revisions"}],"predecessor-version":[{"id":13986,"href":"https:\/\/www.mrc-productivity.com\/docs\/wp-json\/wp\/v2\/ht-kb\/1258\/revisions\/13986"}],"wp:attachment":[{"href":"https:\/\/www.mrc-productivity.com\/docs\/wp-json\/wp\/v2\/media?parent=1258"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/docs\/wp-json\/wp\/v2\/ht-kb-category?post=1258"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/docs\/wp-json\/wp\/v2\/ht-kb-tag?post=1258
"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}