How to Test Page and Component Security

Description

If your application has web security enabled, you can verify that security settings are properly configured by publishing your application locally and logging in using user accounts configured with different permissions.

  1. Publish your project to localhost and navigate to the login component or page for your application.

  2. When the Login page appears, try logging in with various user identities. See which pages are available to them.

  3. Navigate to any components that have security restrictions. Test with both users accounts that have permission to access controls and user accounts that do not.

    You can use Live Preview to test your security settings for individual controls or editing permissions (eg, insert, update, and delete access in Grid Components) in components.
  4. If a feature is missing when it should be available or is accessible for a user with insufficient permissions, update the security settings for the component or page and republish the changes.

 Fixing 403 Errors

If you receive a 403 error when accessing a page or component with security enabled, the error indicates that the client does not have sufficient permissions to access the resource. This can happen for the following reasons:

  • The page or component permissions are set to "Always Denied"
  • The page or component requires login and you are not logged in.
  • You are logged in but lack sufficient permissions to view the page or component.

To resolve this issue, verify the security permissions are properly configured for the page or component. If clicking a control to open a page or component resulted in a 403 error, verify that the control's permissions match that of the component or page.

Limitations

Web publishing applications only