Define permissions and sample data
It's worth noting that you actually have a choice here. Defining the permission model up-front is technically more efficient because you can assign Permission Roles to individual records, fields, views, and processes in a single pass as you build them out. However, it's also true that as long as you are willing to test your application only as an Administrator, then you could always postpone setting up roles and Functional Roles until after the application is developed. So, if you skip this part of the tutorial for now, that's fine but do remember that it will not be enabled for other users until you come back and revisit this topic.
That said, assuming you want to set up permissions at the beginning, let's dive in. Recall the access control model we determined we needed during analysis:
This consists of setting up permission roles and functional roles as part of the application, and also creating (or importing) some sample test data. As mentioned previously, you can choose to skip this lesson for now, but this means that your application will only be able to be run by someone with Administrator permission. You can always choose to do this later and revisit your definitions to apply permissions when ready to do multi-user testing.
Create permission roles
Let's do this first, since functional roles need to be mapped to these.
- Go to the Administration area of BMC Helix Innovation Studio.
- In the Settings list, go to Server settings > Application permissions > Role permissions.
- Click New.
- Specify the properties for an Order Submitter role as described in the preceding logical model.
- Application Name — This must match the application ID that was set when you first created the application (it is generally in the format developerid.application-short-name). If you used the install package to catch up, it will be Lunch Time.
- Role Name — Order Submitter.
- Role ID — you can specify any id as long as it is negative, unique, and in a very large range as it will prompt you. For more complex applications you should think about what kind of system to use to maintain these.
- Group Mapping - you can leave these blank, since we are going to map these Permission Roles to Person via Functional Roles.
- Save it.
- Repeat for Restaurant Manager.
Functional roles
Although our permission roles can be specified for our definitions, as mentioned above, they can't be mapped directly to our test users. That's what the functional roles are for.
- Go to the Administration area of BMC Helix Innovation Studio.
- In the Settings list, go to Server settings > Application permissions > Functional roles.
- Click New.
- Specify the properties for Meal Program Member:
- Application Name—same as used above.
- Functional Role Name— Meal Program Member.
- Description—up to you.
- Selected Role—This is where you map the permission roles for this functional role. Search for Order Submitter and select it.
- Save.
- Repeat to complete all the mappings needed according to the diagram: Meal Program Administrator and Meal Program Manager.
Functional Role | Mapped to Role |
|---|---|
Meal Program Member | Order Submitter |
Meal Program Administrator | Order Submitter, Restaurant Manager |
Meal Program Manager | Restaurant Manager |
Test yourself: Why do we need to map the Permission Role for Person Read for this particular application?
When you are done, the Functional Roles list should look like this, matching our diagram.
Import Test Data
The application's access control model is complete, but for any kind of testing, you will also need People and Company records. You can create these manually, or as a short-cut, you can use the Deployment Management Console (D2P) to import them from the provided for this tutorial.
Download the D2P foundation data that contains the following Foundation data:
- Company Test Meal,
- Site Santa Clara for the Test Meal Company,
- 3 People,
The use of the Deployment Management Console is fully described in Packaging and deploying a custom application.
- Log in the Mid-Tier as an Administrator, and go to Applications > AR System Administration > AR System Deployment Management Console.
- Click on Transfer Package > Import and select the file LunchtutorialFoundationpackage_1.0.zip.
- Select the package in the grid and click on Operations > Deploy.
- The package should be now Deployed.
You can verify in BMC Helix Foundation data that the Company, Site and People are created:
- Company: Applications > Administrator Console > Application Administration Console > Standard Configuration (configuration for Company)
Verify that the Test Meal Company is in the Company list.
- Site: Applications > Administrator Console > Application Administration Console > Standard Configuration (Location)
Verify that the Test Meal Company has the Santa Clara site.
- People: Applications > Administrator Console > Application Administration Console > Standard Configuration (People)
Verify that there are three people in the Test Meal Company.
If there are any errors during the deployment of the D2P package, you can use Administration > View Activity Log to have more details:
Sometimes, even if the status is Deployed, there still could have been errors on a particular entry. One common reason is when the D2P package has been imported several times, some entries might error out. You can remove the sample data using the D2P Rollback feature, (Operations > Rollback).
If you did not wish to use the Deployment Management Console to import the sample Foundation data, you will need to manually create the different Foundation data:
- Company: Test Meal, type Operating Company.
- Site: Santa Clara (Country United States, State California, City Santa Clara). Assign the Santa Clara Site to the Test Meal Company.
People: Create three People.
First Name
Last Name
Company
Site
Phone number
Corporate ID
Job Title
Leon
Krantz
Test Meal
Santa Clara
1 5554321234
901235
Facilities Manager
Li
Po
Test Meal
Santa Clara
1 5554324369
901236
Department Administrator
Maria
Vasquez
Test Meal
Santa Clara
1 5554325693
901234
Admin Assistant
Assign functional roles
Now that you have some People, you can assign them the functional roles called for in our design. To map a functional role, find the People record going in Applications > Administrator Console > Application Administration Console > Standard Configuration.
Select the Test Meal Company and then View in People:
For each People from the Test Meal Company, we need to:
- Add a Login ID, Password and License in the Login/Access Details tab,
First Name | Last Name | Login ID | Password | License |
|---|---|---|---|---|
Leon | Krantz | lkrantz | P@ssw0rd | FLoating |
Li | Po | lpo | P@ssw0rd | FLoating |
Maria | Vasquez | mvasquez | P@ssw0rd | FLoating |
- Add Functional Role(s) of our Lunch Catering application in the Login/Access Details > IS Personas tab,
Click on Save.
Repeat this as needed to make the test data match our access control diagram. For example, Maria would be given the Meal Program Member functional role.
First Name | Last Name | Job Title | Functional Role(s) |
|---|---|---|---|
Leon | Krantz | Facilities Manager | Meal Program Administrator |
Li | Po | Department Administrator | Meal Program Administrator Meal Program Member |
Maria | Vasquez | Admin Assistant | Meal Program Member |
What we Learned
There are quite a few useful things you have now tried out.
- Prepared the permission roles so you can use these while creating the definitions in a single pass (otherwise, you would have to go back and apply them after development).
- Learned about functional roles, which is a great way to bind specific users to permissions, and even works across Applications and Libraries.
- You learned about the Deployment Management Console.
- You used the built-in Foundation data editors to assign functional roles to People records.