CAF: Security Roles

Hi all,

Question to CAF/Portlets regarding security roles:

How can we grant/deny edit rights in a CAF view (portlet)?

E.g. one part of the users shall have edit rights, the other part of the users shall only be allowed to view the data.

As far as I know, MWS can only grant or deny access for complete views via groups and roles. But CAF offers a special security binding …

What is your advice to implement edit rights for editable controls?


Not sure if I got you right, but you want some of your users to be able to edit values in controls and some of them not to. If yes, you can have variables in the CAF view bound to the ‘read-only’ property of the control, which change value (true/false) based on the user who has logged in.
Let me know if this helps.

Hi Anjini,

Thanks for your answer. You’re right, some of your users shall be able to edit values in controls and some of them not.

Your suggestion is that we store the permissions inside a session and bind them to the editable controls via EL expressions, right? This is how we solved the problem with JSF before – but with a security filter.

The problem is: How to admin the rights according to MWS groups / roles? Say, you have a group edit_users and a group non_edit_users.

How does our CAF app know that a user who belongs to edit_users is allowed to edit values on several views? We can retrieve the group and map the permissions – but is this the common approach in CAF?


Yes, this is the approach when you want control-wise restrictions on your view. If you don’t want to complicate it in a single view, have 2 different views, of which one has all the read-only controls and the other has editable controls.
Not to forget, this way your code maintenance increases, and development time too.
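
The group-to-permission mapping discussed in this thread, sketched as an added example that is not from any of the posters and does not use the webMethods/CAF API. `GroupLookup`, `EditRightsBean` and the bean name in the EL expression are hypothetical; the group names are the ones from the thread. The save action repeats the group check because a read-only property only changes how the control is rendered.

```java
import java.util.Set;

// Added illustration; not webMethods/CAF API. GroupLookup is a hypothetical
// stand-in for however the portlet resolves the current user's MWS groups.
public class EditRightsBean {

    /** Hypothetical abstraction over the MWS group lookup. */
    public interface GroupLookup {
        Set<String> groupsOf(String userId);
    }

    // Group name taken from the thread.
    private static final String EDIT_GROUP = "edit_users";

    private final GroupLookup lookup;
    private final String userId;
    private String value = "initial";

    public EditRightsBean(GroupLookup lookup, String userId) {
        this.lookup = lookup;
        this.userId = userId;
    }

    private boolean mayEdit() {
        // Deny by default: unknown user or failed lookup means view-only.
        Set<String> groups = lookup.groupsOf(userId);
        return groups != null && groups.contains(EDIT_GROUP);
    }

    /** Bind each control's read-only property to this, e.g. #{bean.readOnly}. */
    public boolean isReadOnly() { return !mayEdit(); }

    public String getValue() { return value; }

    /** Save action: re-check the group, the read-only flag only affects rendering. */
    public void save(String newValue) {
        if (!mayEdit()) {
            throw new SecurityException("user " + userId + " is not in " + EDIT_GROUP);
        }
        this.value = newValue;
    }

    public static void main(String[] args) {
        // Constructed sample membership data.
        GroupLookup sample = u -> "alice".equals(u) ? Set.of("edit_users") : Set.of("non_edit_users");
        EditRightsBean editor = new EditRightsBean(sample, "alice");
        EditRightsBean viewer = new EditRightsBean(sample, "bob");
        System.out.println(editor.isReadOnly() + " " + viewer.isReadOnly());
        editor.save("changed");
        try { viewer.save("tampered"); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```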