"Out Of The Box" Security

I'm new to Radzen.... and exploring its capabilities.

One thing I couldn't find was "out of the box" security for the tables... like I've used with other tools.

I could go on and give some User Stories.

But, I think it would be easier to share a link to a description on how another tool implements it. PHP Maker is a good example at the following...

Tutorial - Advanced Security - Dynamic User Level Security

What I love about this is... It is simple to get up and running with row level security... and it can be changed on the fly.

This is especially nice for the "not so technical" users...

Right now, this is the "showstopper" keeping me from using Radzen for all of my projects...

Hi @JohnSmith,

We have actually built-in security using .NET Core Identity:

and Active Directory support:

In my opinion Radzen default security is much easier since you do not have to deal with your database schema at all - everything can be set up quickly from Radzen UI.

Best Regards,
Vladimir

Vlad,

I appreciate you getting back to me...

Did you get a chance to look at the link I posted?

It goes far beyond "basic" security... and keeping users from accessing a form... based on a role.

It implements row level security....

This has been a requirement for every web app I've built over the past two decades...

Users can only see their rows... and they cannot see other users' rows.

Managers can see their rows and their team members' rows...

Administrators can see all the rows...

I could go into all the details... But, the link I posted will save me from repeating it all here.

If I'm missing something, I'd love to hear how Radzen implements Advanced Security - Dynamic User Level Security including Static and Dynamic User Levels like PHP Maker "out of the box."

In the end, this is one wheel I don't want to "reinvent." :slight_smile:

Thanks,

John

Hi John,

You are right! I’ve missed the row level security - we do not have that.

We will check carefully the implementation you’ve referred to and we will do our best to improve our own security!

Thank you very much once again for your feedback!

Have a great day!
Vladimir

Vlad,

One more thing.... :smile:

I would ask when this is added to Radzen.... Please... Please... Please implement it like PHP Maker did.

I've used a couple other tools that require you to manually "hard code" it directly in each and every form in the "code generator's" UI...

These were tedious.... I needed to go into every form... copy and paste the new code...

These were inflexible.... every time a change needed to be made... I needed to go into every form... copy and paste the updated code... recompile... and redeploy.

These made me want to pull my hair out.... really.

I wasted dozens of hours because they didn't really think through the process... or how much work it would create... It totally blows my mind they didn't look at PHP Maker to see how others implemented this in their "code generator's" UI.

Ideally, I would like to see a concept very similar to PHP Maker's "Advanced Security - Dynamic User Level Security" in Radzen.... It makes it very easy for Developers and App Administrators.

Thanks,

John


I'm an Enterprise license holder.... I need to do the same thing as John for a new client.... with Blazor... not Angular.

Do we have an ETA on this functionality?

Hi,

We haven’t started working on such features for Blazor and we will gladly discuss with you the possibilities. You can send us mail at info@radzen.com.

Best Regards,
Vladimir

Hello,

I'm interested in purchasing Radzen... But, this is a massive "hole" in Radzen.

For any publicly "facing" web application, this functionality is a must... not a "nice to have." I need row level security.

I'm wondering where this is on the Roadmap.

Thanks,

SteelPhantomDude

@SteelPhantomDude there are plenty of publicly facing web applications that don't have row-level security - you are browsing one at the moment :slight_smile:

This isn't currently on the Roadmap. Still, it is very easy to implement with a few lines of code and is mentioned in our Complete application tutorial. Here is an example:

```csharp
partial void OnOpportunitiesRead(ref IQueryable<Opportunity> items)
{
    var userId = security.User.Id;
    // Filter the opportunities by the current user's id
    items = items.Where(item => item.UserId == userId);
}
```

korchev,

This forum definitely has row level security.... :smiley:

If it did NOT, I could then edit your posts... or anyone else's posts. It would be a total screwed up mess.... :scream:

Someone could go in and replace each and every post with.... I LOVE PRESIDENT TRUMP. Some people may like it. Even if they love Trump, most will not like all of the posts "disappearing." :cowboy_hat_face:

The way the forum is set up, I can add and edit my own posts..... I can view others' posts... An Admin may be able to edit and delete all users' posts as well...

But, users cannot "randomly" edit other users' posts... or delete them because of row level security.

This underscores exactly how important this is... in the real world of public facing web applications.

Role level security... the only way Radzen implements security... may be feasible for some small internal business applications... But, for real world public facing web applications... It leaves massive security holes.

Imagine... if this forum implemented security like Radzen allowing all those in the user role to add, update and delete ALL posts... It would be total chaos!

I understand there are methods for filtering records in classes. But, that is creating way more manual work for each table than is really needed when compared to how elegantly an inexpensive tool ($299.95) such as PHPMaker does it.

While I understand there is a ton of emphasis on the "UI Builder" of Radzen, I'm disappointed that Radzen at $599 is still missing functionality... 16 months after it was initially brought to light.

SteelPhantomDude
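
Added example, not part of the original thread or of Radzen's generated code: the per-user filter from korchev's reply extended to the user / manager / administrator visibility described earlier in the thread, with a check on the write path as raised in the post above. The `Caller` record, the role names and the `OwnerId` field are assumptions for illustration, and the sample rows are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
// Hypothetical model; OwnerId plays the part of UserId in korchev's snippet.
public record Opportunity(int Id, string OwnerId, string Name);
// Hypothetical caller context; role names and team list are assumptions.
public record Caller(string Id, string Role, IReadOnlyCollection<string> Team);

public static class RowPolicy
{
    // Read path: narrow the query before it runs. Unknown roles get no rows.
    public static IQueryable<Opportunity> VisibleTo(this IQueryable<Opportunity> items, Caller c) =>
        c.Role switch
        {
            "Admin"   => items,
            "Manager" => items.Where(i => i.OwnerId == c.Id || c.Team.Contains(i.OwnerId)),
            "User"    => items.Where(i => i.OwnerId == c.Id),
            _         => items.Where(i => false),
        };

    // Write path: a filtered list does not protect an update or delete that names a
    // row id directly, so re-check the target row. Assumption: write scope = read scope.
    public static bool CanModify(this IQueryable<Opportunity> items, Caller c, int id) =>
        items.VisibleTo(c).Any(i => i.Id == id);
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample rows and callers.
        var rows = new List<Opportunity> { new(1, "alice", "A1"), new(2, "bob", "B1"), new(3, "carol", "C1") }.AsQueryable();
        var none = Array.Empty<string>();
        var callers = new[]
        {
            new Caller("alice", "User", none),
            new Caller("mona", "Manager", new[] { "alice", "bob" }),
            new Caller("root", "Admin", none),
            new Caller("eve", "Guest", none),
        };
        foreach (var c in callers)
        {
            var ids = string.Join(",", rows.VisibleTo(c).Select(r => r.Id));
            Console.WriteLine($"{c.Id} ({c.Role}): sees [{ids}], may modify row 3: {rows.CanModify(c, 3)}");
        }
    }
}
```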

I guess you didn't read my response completely as it shows the one line of code that implements "row level security" as you understand it.

Anyway it seems that you have found a solution (PHPMaker) that meets your requirements in terms of features and pricing! Glad to hear that. Locking this thread now as there is nothing more to add.
