Most users in SystemWeaver are provided with access to all functionality in the swExplorer client. To limit or extend the standard access rights, SystemWeaver uses four Roles. For example, the "Viewer" role will limit access rights to read-only access. The "SW Architect" role will provide configuration rights for views, menu ribbons, etc. With the introduction of Capabilities, users with the Administrator role can now remove access to a number of standard user capabilities in the client using the swAdmin2 client and the Path Query Language


Prerequisites

  • Assigned the Administrator role in the server.
  • Installation of the swAdmin2 client.


Capabilities

The following is a list of Capabilities in the client that Administrators can limit to a sub-set of users. 


OperationName
Printing documents

And via Print Preview
PrintDocument
Saving documents

SaveDocument
Copying documents

CopyDocument
Printing reports

And via Print Preview
PrintReport
Saving reports

SaveReport
Copying report

CopyReport
Exporting XML

ExportXML
Saving XML
SaveXML
Copying XML

CopyXML
Exporting grid to Excel

SaveGrid

Configuring Capabilities

To limit access to one of the above Capabilities, you must configure access to it for the user or users who should continue to be able to perform the capability. This is done on the Security tab in swAdmin2. 



Click the Edit... button. The Edit Capabilities dialog will appear. Enter a configuration using the Path Query Language (a reference guide is available in the swExplorer Help). 


<Capabilities>: All <Capability> configurations should be contained in this tag. 

<Capability>: Includes the Path Query Language definition for one capability. 

The name attribute specifies the capability. It must be one of those listed above. 

The test attribute defines the access right to the capability using a path query. 


Example


<Capabilities>
  <Capability name="PrintDocument" test="CurrentUser = Owner or CurrentUser.HasRole('SWAR') or  CurrentUser.Name = 'admin'"/>
</Capabilities>

In the above example, the action of printing documents will only be available to the current user if:

The current user is the Owner of the item OR 

The current user has the "SW Architect" role assigned OR 

The current user is the admin.


When you have completed the configuration, click OK to save. For the configuration to take effect, log out of the swAdmin2. 


Creating Roles for Capability Management

If the four standard SystemWeaver user roles are not sufficient for your needs, you can create additional roles to further group users.


On the Roles tab, click Add....

In the Add Role dialog, enter a unique SID for the role and a Name. Click OK to save. You can now assign the role to users as needed.


Note: The limitation of capabilities is only applicable to swExplorer client sessions. They do not apply to logins via the Client API.