I am publishing a beta version of the upcoming security changes and improvements. You can download it from here.
User roles are read from the database or Active Directory
In the past the developer had to specify all available roles in the Radzen environment. This made creating roles from the output application impossible. Now a Radzen application starts with no predefined roles. The developer has to run the application, log in with the development admin account and create some roles. Then those roles are available in the Create/Edit page dialogs.
If the application is configured to use Active Directory Radzen will read the roles from your AD server instead.
Existing applications with existing roles will not be affected by this change and no roles will be lost or deleted.
Multiple roles can now access a page
Until now page access could only be set to a single role. Now the developer can pick multiple roles that are authorized to see a page.
The least restrictive role is taken under consideration when determining the current access rules. For example if a page is configured to be accessible to Everybody and Marketing it would end up being accessible by all users.
Admin users can reset user passwords and assign roles
An admin account can create users, set their password and assign roles.
Users can change their password from the profile page
N/A in earlier versions.
The security data source is now using OData
It was using custom REST API beforehand which felt inconsistent. The required page migrations have been implemented and everything should continue to work as expected. Let us know if something breaks though.
Looking forward to your feedback!