API Documentation
Last updated
Was this helpful?
Last updated
Was this helpful?
Represents a security permission in the system. Mapped internally to a Servoy security group which must be defined.
Security role which can have members and can be granted .
Security application session created by a which starts when the user and ends when the user .
Tenant account which is used to segregate all data. and belong to a Tenant.
Application user account associated with a . Security are granted to users through their membership.
Use this method to change the behavior of the svySecurity module with respect to DB transactions.
If the flag is set to false (default) then when saving or deleting security-related records if an external DB transaction is detected the operation will fail. If the flag is set to true then when saving or deleting security-related records the module will start/commit a DB transaction only if an external DB transaction is not detected. On exceptions any DB transaction will be rolled back regardless if it is started internally or externally (exceptions will be propagated to the external transaction so callers will be able to react on them accordingly)
Creates and returns a new tenant with the specified name as a clone of the given tenant. The names of tenants must be unique in the system. The cloned tenant has the same roles and role permissions as the original. When makeSlave is true, the newly created clone will be a slave of the tenant to clone, inheriting all role / permission changes made to the master. WARNING: Cannot call this function when logged in as an user.
Creates and returns a new tenant with the specified name. The names of tenants must be unique in the system.
Immediately and permanently deletes the specified tenant and all records associated with it, including all users and roles. Tenant will not be deleted if it has users with active sessions. If the deleted tenant is a Master tenant and is a slave of another master tenant, this operation will replace the master tenant of it's direct slaves with the master of the tenant that is deleted; If the delated tenant is a Master tenant and has no Master tenant, this operation will remove the master from all it's direct slaves.
Gets all active sessions for the application.
Gets a permission by its unique permission name.
Gets all permissions available in this application.
Gets a role by the specified role name and tenant name. If tenant name is not specified will use the tenant of the user currently logged in the application, if available.
Gets the number of all unique sessions which have ever been initialized in the application. This includes both active sessions (for users currently logged in the application) and inactive sessions (sessions from the past which have already been closed).
Gets a tenant by its unique tenant name. If tenant name is not specified then will return the tenant of the currently logged in user. If tenant name is not specified and no user is currently logged in then will return null.
Gets all tenants in the system.
Gets a user by the specified username and tenant name. If username is not specified will return the user currently logged in the application, if available.
Gets all users in the system.
Gets the version of this module
Utility to sync permission records to the internal, design-time Servoy Security Groups. This should be called on solution import or on startup This action will create new permission records.
NOTE: This action will not delete permissions which have been removed from internal security. Design-time groups should never be renamed. They will be seen only as an ADD and will lose their tie to roles.
Represents a security permission in the system. Mapped internally to a Servoy security group which must be defined.
Grants this permission to the specified role. The permission will be granted to all users that are members of the specified role. If the tenant of this permission is a master tenant, the role will also be added to the same permission for all the slaves of this permission tenant. You cannot grant permission to role of a master tenant when logged in as an user. You cannot grant permission to role of a slave tenant at anytime.
role
The role object to which the permission should be granted.
String
Returns: String
- The display name of the permission. Can be null.
String
Gets the name of this permission. The permission name is unique in the system and matches a Servoy security group name.
Returns: String
- The name of the permission.
Gets all the roles to which this permission is granted.
Gets all users whom this permission is granted to via the users' role membership.
Boolean
Checks if this permission is granted to the specified role.
Returns: Boolean
- True if this permission is granted to the specified role.
role
The role object or the name of the role to check.
Removes this permission from the specified role. The permission will no longer be granted to all users that are members of the specified role. If the tenant of this permission is a master tenant, the role will also be removed from the same permission for all the slaves of this permission tenant. You cannot remove permission from role of a master tenant when logged in as an user. You cannot remove permission from role of a slave tenant at anytime.
role
The role object or the name of the role to remove.
Sets the display name of this permission.
[displayName]
String
The display name to use.
record
[ 'JSRecord' ].<permissions>
Grants the specified permission to this role. Any users that are members of this role will be granted the permission. If the tenant of this role is a master tenant, the permission will also be added to the same role in all slaves of this role tenant. You cannot grant permission to role of a master tenant when logged in as an user. You cannot grant permission to role of a slave tenant at anytime.
permission
The permission object or name of permission to add.\ Throws an exception when permission cannot be grant.
Adds the specified user as member of this role. All permissions granted to this role will be granted to the user.
user
The user object or username of user to add. The user must be associated with the tenant of this role.
String
Gets the display name of this role.
Returns: String
- The display name of this role. Can be null.
String
Gets the name of this role. The role name is unique to the associated tenant.
Returns: String
- The role name.
Gets all the permissions granted to this role.
Gets the tenant which this role belongs to.
Gets all the users who are members of this role.
Boolean
Checks if the specified permission is granted to this role.
Returns: Boolean
- True if the specified permission is granted to this role.
permission
The permission object or name of permission to check.
Boolean
Checks if the specified user is a member of this role.
Returns: Boolean
- True if the specified user is a member of this role.
user
The user object or username of user to check. The user must be associated with the tenant of this role.
Removes the specified permission from this role. The permission will no longer be granted to all users that are members of this role. If the tenant of this role is a master tenant, the permission will also be removed from the same role in all slaves of this role tenant. You cannot remove permission from role of a master tenant when logged in as an user. You cannot remove permission from role of a slave tenant at anytime.
permission
The permission object or name of permission to remove.
Removes the specified user from the members of this role. All permissions granted to this role will no longer be granted to the user.
user
The user object or username of user to remove.
Sets the display name of this role. If the tenant of this role is a master tenant, the displayName will be set to the same role in all slaves of this role tenant. You cannot set the display name to role of a master tenant when logged in as an user. You cannot set the display name to role of a slave tenant at anytime.
displayName
String
The display name to use.
record
[ 'JSRecord' ].<roles>
Number
Gets the session duration in milliseconds (as updated in the database)
Returns: Number
- The Servoy Client ID associated with the session.
Note: The session duration is updated on each "client ping" which by default is once per minute
Date
Returns: Date
- The end date/time of this session.
String
Gets the internal unique ID of this session. This matches the Servoy Client ID as seen in the Servoy App Server admin page.
Returns: String
- The internal unique ID of this session.
String
Gets the client IP address of the session.
Returns: String
- The client IP address of the session.
String
Gets the Servoy Client ID associated with the session (as shown on the Servoy app server admin page).
Returns: String
- The Servoy Client ID associated with the session.
Note: Multiple user sessions can have the same Servoy Client ID if the client is not closed between different logins (for NG/Web clients this requires complete closing of the browser and not just a tab).
String
Gets the name of the Servoy solution that was accessed by this session
Date
Returns: Date
- The start date/time of this session.
String
Gets the name of the tenant associated with this session. It will be available even if the associated tenant account is deleted.
Returns: String
- The name of the tenant associated with this session.
String
Gets the client user agent string of the session. The user agent string will be null if the session was not browser-based.
Returns: String
- The client user agent string of this session. Can be null.
String
The username of the user associated with this session. It will be available even if the associated user account is deleted.
Returns: String
- The username of the user who created this session.
Boolean
Returns: Boolean
- True if this session was not terminated/closed normally, but has timed out due to inactivity.
Boolean
Indicates if this session is still active.
Returns: Boolean
- True if the session has not been terminated and has not been inactive for longer than the session inactivity timeout period.
Boolean
Returns: Boolean
- True if the session was terminated/closed normally or by timeout from inactivity.
record
[ 'JSRecord' ].<sessions>
Creates a role associated with this tenant using the specified role name. If this is a Master Tenant the created role will be added to all slaves of this Tenant. Cannot create role for a master tenant when logged in as an user.
name
String
The name of the role to be created. Must be unique to this tenant.
Creates a slave of this tenant with the given name. Modifications to roles and permissions of this tenant will be propagated to all of its slaves.
WARNING: Cannot call this function when logged in as an user.
name
String
The name of the tenant. Must be unique and no longer than 50 characters. Throws an exception if this function is called when logged in as an user.
Creates a user with the specified user name.
userName
String
Must be unique in system.
[password]
String
The password to use for the new user.
Deletes the specified role from this tenant. All associated permissions and grants to users are removed immediately. Users with active sessions will be affected, but design-time security (CRUD, UI) will not be affected until next log-in.
If this is a Master Tenant the deleted role will be deleted also for all slaves of this Tenant. Cannot delete role of a master tenant when logged in as an user.
role
The role object or name of role to be deleted. The role must be associated with this tenant. throws an exception if the role cannot be deleted.
Boolean
Immediately and permanently deletes the specified user and all security-related records associated with it. The user will not be deleted if it has active sessions.
Returns: Boolean
- True if the user is deleted, otherwise false.
Note: USE WITH CAUTION! There is no undo for this operation.
user
The user object or the username of the user to be deleted. The specified user must be associated with this tenant.
Gets the active sessions for users associated with this tenant. This includes any sessions from any device and any location for users associated with this tenant.
Note: Any unterminated sessions are deemed to be active when they have not been idle for more than a set timeout period.
String
Returns: String
- The display name of this tenant. Can be null if a display name is not set.
Date
Returns: Date
- The date/time when the lock expires. Can be null. The date/time is using the Servoy application server timezone.
String
Returns: String
- The lock reason. Can be null.
String
Gets the name of this tenant. Tenant names are unique in the system and are specified when the tenant is created.
Returns: String
- The name of this tenant.
Gets a role by name unique to this tenant.
name
String
The name of the role to get.
Gets the roles associated with this tenant.
Number
Gets the number of all unique sessions which have ever been initialized in the system by users associated with this tenant. This includes both active sessions (for users currently logged in the application) and inactive sessions (sessions from the past which have already been terminated).
Returns: Number
- The number of all sessions (active and inactive) for users associated with this tenant.
Gets all slaves of this tenant When recursive is true, all slaves of this tenant's slaves are included WARNING: Cannot call this function when logged in as an user.
Throws an exception if this function is called when logged in as an user.
Gets the user (associated with this tenant) specified by the username.
userName
String
The username of the user.
Gets all users for this tenant.
Boolean
Returns: Boolean
- True if the tenant account is currently locked and the lock has not expired.
Boolean
Returns true if this Tenant is a master (template) tenant WARNING: When the user is already logged, can call this function only for the tenant of the logged user; cannot call this function for other tenants when logged in as an user.
Returns: Boolean
- isMasterTenant Whether this tenant is a master to other tenants
Throws an exception when logged in as an user and called for another tenant than the tenant of the logged user.
Boolean
Returns true if this Tenant is a slave tenant
Returns: Boolean
- isMasterTenant Whether this tenant is a master to other tenants
Locks the tenant account preventing its users from logging in. The lock will remain in place until it expires (if a duration was specified) or it is removed using {Tenant#unlock}. Users with active sessions will be unaffected until subsequent login attempts. Can be called even if the tenant is already locked. In such cases the lock reason and duration will be reset.
[reason]
String
The reason for the lock.
[duration]
Number
The duration of the lock (in milliseconds). If no duration specified, the lock will remain until {Tenant#unlock} is called.
Sets the display name of this tenant.
displayName
String
The display name to use.
record
[ 'JSRecord' ].<tenants>
The database record where the tenant account information is stored.
Adds this user as member of the specified role and grants the user all permissions which the role has.
role
The role object or role name to use. The role must be associated with the tenant of this user.
Boolean
Returns: Boolean
- True if the specified password matches the password of this user.
password
String
The password (plain-text) to check.
String
Returns: String
- The generated access token.
[duration]
Number
The duration of token validity in milliseconds. Default is 30 minutes in future.
Gets the active sessions this user. This includes any sessions from any device and any location for this user.
Note: Any unterminated sessions are deemed to be active when they have not been idle for more than a set timeout period.
String
Returns: String
- The display name of this user.
String
Returns: String
- The email of this user.
Date
Returns: Date
- The date/time when the lock expires. Can be null. The date/time is using the Servoy application server timezone.
String
Returns: String
- The lock reason. Can be null.
Gets all the roles that this user is member of.
Number
Gets the number of all unique sessions which have ever been initialized in the system by this user. This includes both active sessions (for users currently logged in the application) and inactive sessions (sessions from the past which have already been terminated).
Returns: Number
- The number of all sessions (active and inactive) for this user.
Returns the tenant that owns this user account.
String
Gets the username of this user which was specified when the user was created. The username cannot be changed after the user is created and is unique to the associated tenant.
Returns: String
- The username of this user.
Boolean
Returns: Boolean
- True if the user has been granted the specified permission.
permission
The permission object or permission name to check.
Boolean
Checks if this user is a member of the specified role.
Returns: Boolean
- True if the user is a member of the specified role.
role