Most users in SystemWeaver are provided with access to all functionality in the swExplorer client. To limit or extend the standard access rights, SystemWeaver uses four Roles. For example, the "Viewer" role will limit access rights to read-only access. The "SW Architect" role will provide configuration rights for views, menu ribbons, etc. With the introduction of Capabilities, users with the Administrator role can now remove access to a number of standard user capabilities in the client using the swAdmin2 client and the Path Query Language. This article describes the capabilities that can be restricted and how to configure the restrictions.
- Capabilities
- Configuring Capabilities
- Creating Roles for Capability Management
- Viewing Action Statistics
Prerequisites
- Assigned the Administrator role in the server.
- Installation of the swAdmin2 client.
Capabilities
The following is a list of Capabilities in the client that Administrators can limit to a sub-set of users.
| Operation | Name |
|---|---|
Printing documents And via Print Preview | PrintDocument |
Saving documents | SaveDocument |
Copying documents * With content height greater than 2000 pixels | CopyDocument |
Printing reports And via Print Preview  | PrintReport |
Saving reports | SaveReport |
Copying report * With content height greater than 2000 pixels | CopyReport |
Setting version text | EditVersionText |
Exporting XML | ExportXML |
Saving XML | SaveXML |
Copying XML * With Content greater than 3000 characters | CopyXML |
Exporting grid to Excel | SaveGrid |
Configuring Capabilities
To limit access to one of the above Capabilities, you must configure access to it for the user or users who should continue to be able to perform the capability. This is done on the Security tab in swAdmin2.
- Click the Edit... button. The Edit Capabilities dialog will appear.
- Enter a configuration using the Path Query Language (a reference guide is available in the swExplorer Help).
- When you have completed the configuration, click OK to save.
Explanation of Configuration Elements
<Capabilities>: All <Capability> configurations should be contained in this tag.
<Capability>: Includes the Path Query Language definition for one capability.
The name attribute specifies the capability. It must be one of those listed above.
The test attribute defines the access right to the capability using a path query.
Example
<Capabilities>
<Capability name="PrintDocument" test="CurrentUser = Owner or CurrentUser.HasRole('SWAR') or CurrentUser.Name = 'admin'"/>
</Capabilities> In the above example, the action of printing documents will only be available to the current user if:
The current user is the Owner of the item OR
The current user has the "SW Architect" role assigned OR
The current user is the admin.
Creating Roles for Capability Management
If the four standard SystemWeaver user roles are not sufficient for your needs, you can create additional roles to further group users.
- On the Roles tab, click Add....
- In the Add Role dialog, enter a unique SID for the role and a Name.
- Click OK to save. You can now assign the role to users as needed.
| Note: The limitation of capabilities is only applicable to swExplorer client sessions. They do not apply to logins via the Client API. |
Viewing Action Statistics
Want to find out who is exporting to XML or printing a document? The TcpSubServer log file offers a configurable option for logging specific user operations and usage statistics. See Working with the Statistics Log.