Access Rules¶
Access Rules allow administrators to define runtime access control rules that determine which roles can access which views in the application. Unlike access requirements defined in the application code at development time, Access Rules let administrators modify access requirements dynamically, without code changes or an application redeployment.
Overview¶
The Access Rules feature is the most distinctive aspect of User Manager. It provides administrators with a flexible, rules-based system for controlling view accessibility based on user roles.
Accessing the Access Rules View¶
The Access Rules view is one of the administrator views provided by User Manager. The way it is reached from the navigation depends on how the host application organizes its menu.
Rules Listing¶
The Rules Listing displays all configured access rules in a grid format with filtering and management capabilities.
Filter Options¶
Above the grid, several filters allow administrators to narrow down the displayed rules:
- Rule Id: Text field that filters rules by ID using a contains match
- Type: Dropdown to filter rules by type (Simple, Starts with, Ends with, Contains, Regex)
- Necessary roles: Multi-select combo box to filter rules by required roles
- Disallowed roles: Multi-select combo box to filter rules by disallowed roles
Once any filter has a value, the Filter and Clear buttons appear. The Filter button applies the current filter selections, and Clear resets all filters.
The New rule button (primary button on the right) opens the rule creation dialog.
Grid Columns¶
The rules grid displays the following columns:
- Id: Numerical identifier of the rule
- Rule: The rule type and its specification (view names for SIMPLE type, URL pattern for others)
- Order: Priority number that determines the evaluation order of rules
- Views reached: Count of application views affected by this rule
- Necessary roles: Role badges showing roles that are required for access
- Disallowed roles: Role badges showing roles that are prevented from accessing
- Description: Free text description of the rule's purpose
- Actions: Dropdown menu providing Edit and Delete options
Reordering Rules¶
Rule priority is changed by dragging rows to a new position in the grid. Drag a row and drop it between two other rows; the Order column updates automatically to reflect the new priority sequence.
Rules are evaluated from the lowest to the highest Order value, so dragging a rule toward the top of the list raises its priority.
Creating a Rule¶
To create a new access rule, click the New rule button in the Rules Listing. The rule creation dialog opens.
Rule Creation Dialog¶
The creation dialog contains the following fields and sections:
Show advanced options (collapsed by default)¶
When expanded, the Show advanced options accordion reveals:
- Order: Integer field specifying the rule's priority. Required field, must be greater than 0. Rules are evaluated in order from lowest to highest Order value.
- Rule: Combo box for selecting the rule type, with the following options:
- Simple
- Starts with
- Ends with
- Contains
- Regex
When the accordion is collapsed, the rule type defaults to Simple.
Rule Specification¶
The fields in this section depend on the selected rule type:
For Simple type: - Views: Multi-select combo box showing all available application views. Select the specific views to which this rule applies.
For Starts with, Ends with, Contains, and Regex types: - Text pattern: Text field for entering the URL pattern that matches view paths - Consider parameters: Checkbox (visible for Ends with, Contains, and Regex types; not available for Starts with). When checked, URL parameters are included in pattern matching.
Access Control¶
- Necessary roles: Multi-select combo box to select roles that are required for access to the matched views. Users must have at least one of these roles to access the view.
- Disallowed roles: Multi-select combo box to select roles that are explicitly denied access to the matched views. Users with any of these roles cannot access the view.
Validation: At least one necessary role or disallowed role must be specified.
Description¶
- Description (optional): Text area for entering a human-readable description of the rule's purpose and behavior.
Dialog Buttons¶
- Cancel: Closes the dialog without saving changes
- Save: Creates the rule with the specified configuration
Rule Types Explained¶
Simple: Select specific views from a dropdown list. This type provides precise control over individual views.
Starts with: Match views whose URL path starts with the given pattern. Useful for controlling access to an entire section of the application.
Ends with: Match views whose URL path ends with the given pattern. Include or exclude URL parameters using the Consider parameters checkbox.
Contains: Match views whose URL path contains the given pattern anywhere in the path. Include or exclude URL parameters using the Consider parameters checkbox.
Regex: Match views whose URL path matches the given regular expression pattern. Include or exclude URL parameters using the Consider parameters checkbox. This type provides the most flexible pattern matching.
Editing a Rule¶
To edit an existing rule:
- In the Rules Listing, click the Actions dropdown menu for the rule
- Select Edit
The rule editing dialog opens with all current values populated. This dialog is identical to the creation dialog, with the addition of a Delete button.
Dialog Buttons¶
- Delete: Permanently removes the rule (error style, left side). Opens a confirmation dialog.
- Cancel: Closes the dialog without saving changes
- Save: Saves changes to the rule configuration
Current User Access Warning¶
If saving a rule would cause the current administrator to lose access to the Access Rules view itself, a warning dialog appears. This dialog displays the potential consequence and asks for confirmation before proceeding. This safeguard prevents administrators from accidentally locking themselves out of rule management.
Deleting a Rule¶
To delete a rule:
- In the Rules Listing, click the Actions dropdown menu for the rule
- Select Delete
Or, if editing the rule, click the Delete button in the rule editing dialog.
A confirmation dialog appears displaying:
- The rule ID and type
- The rule specification
- The affected views count
- The necessary and disallowed roles
Rule Deletion is Permanent
Deleting a rule cannot be undone. The rule is permanently removed from the system. Any access control previously provided by the rule will no longer apply.
Rule Evaluation Order¶
Rules are evaluated in the order specified by their Order value, from lowest to highest. The evaluation process:
- Rules are processed sequentially by Order value
- The first matching rule that applies to the accessed view determines access
- If no rules match, default access control applies
Therefore, more specific or higher-priority rules should typically have lower Order values, ensuring they are evaluated first.
Best Practices¶
- Use descriptive names: Include clear, descriptive text in the Description field to explain the rule's purpose
- Plan rule order: Arrange rules strategically by Order to ensure correct evaluation sequence
- Document complex patterns: For pattern-based rules (Starts with, Ends with, Contains, Regex), provide examples in the description
- Regular review: Periodically review rules to ensure they still match current access requirements
- Test changes: After creating or modifying rules, verify that access works as intended for affected user roles
- Avoid conflicting rules: Ensure that necessary roles and disallowed roles do not create conflicting access requirements across multiple rules




