Which Menu Function Methods should have ANONYMOUS Access and Why?

Applies to: VC/m 3.0

VC/m's menu functions are subject to access controls. VC/m will not invoke the server-side method corresponding to a menu function unless the user has appropriate access rights.

If a menu function has access restrictions, it will only be run if the user has sufficient access rights (eg User.fnDelete may be restricted to users with an access code of MANAGER).

By default all authenticated users have rights to access all unrestricted menu functions. Conversely an unauthenticated user has no access to any menu functions at all.

In order for a user to be authenticated they have to run a server-side authentication method, but unauthenticated users can't run any server-side methods. So to negotiate this conumdrum, unautheticated users are allowed to run methods which have the special access right ANONYMOUS.

In VC/m there are a very small number of methods that can be run by a user who is not (or not yet) authenticated. These are mainly those responsible for getting the user authenticated (such as serving up the authentication dialog).

In VC/m 3.0 the following menu functions should have ANONYMOUS access in order to allow users to get connected to the system:

To serve up the applications main window:

• ServerLink.fnHidden
• Main.fnOpen
• Main.fnOpenMain

To serve up the authentication (username /password) dialog:

• Connect.fnOpen
• Connect.fnOpenMain

To authenticate with the server:

• Connect.fnConnect
• Connect.fnConnectAs
• Connect.fnDisconnect

If VC/m is configured to use integrated web-server authentication (our recommended configuration for IIS), the ConnectAs method still allows a user to log in as a different VC/m user. This can be controlled by changing the access rights on the Connect.ConnectAs method. If it is set to NOBODY (assuming that no users have an access right named NOBODY), no user will be able to connect as another user at any time.

It is often desirable for system administrators to be able to connect as another user for support purposes (for example, to test a change to configuration settings). In this case giving Connect.ConnectAs an access code of, say, ADMINISTRATOR, will restrict access to only those users with VC/m ADMINISTRATOR rights.

Last reviewed: Nov 8, 2004

Back to top

Copyright 1997, 2005 George James Software.