I’ve set-up a fairly robust set of page-level permissions for our app. Am wondering if there’s a way to have these trigger before any other content is loaded on sensitive pages, such as admin-only pages?
I realize I can use database security and element conditions to keep information private. Would prefer to use page level security instead of element-level conditions though since it’s easy to set-up and much easier to maintain. And, want 2 layers of security so DB will be the second.
Thanks!
Scott
I am not exactly sure, but it seems to me that a simple redirection using the “goto page” action on a workflow triggered by “when page is loaded” should do the job, right ?
I think that then the redirection will happen before the content is displayed to the user
My understanding is that the “when page is loaded” is triggered after all of the content is loaded. As such, users can click the “x” in their browser to stop loading the page and then look around at all of the content on the page. Plus, search spiders, etc. can likely grab the content even if we want it private.
You are right I guess.
To me the best solution is still to set the data privacy rules.
It is harder to maintain and need to check all possible cases, but it is safe and does not need a second layer of security.
I think that setting privacy rule on a page level would be wrong : users would still have ways to access the data if the data privacy rules are not set. Setting permission at the page level would not prevent that. Instead, it would cause several flaws in you rsecurity because you could be assuming that if this page that displays this data is safe, then this data is safe, which is wrong.
Per my original post, we’re planning on having 2 layers of security: 1) DB 2) Page Level.
If we can’t get page-level to work, then we may have to do element and workflow restrictions instead, which is much more time consuming to set-up and maintain. Either way, we’ll definitely have DB security, but don’t want to rely on a single layer of security.
2 Likes
