Widgets Security

Once a widget is launched, all operations performed by it inherit permissions of the user that has started it. For example, if user Joe starts a widget owned by the default administrator, the widget will have Joe's limited permissions. However, if the administrator starts any of Joe's widgets, the widget will have unrestricted permissions, introducing potential security risk if Joe is not a trusted user.

Unlike many old generation automation and control systems, Iotellect doesn't provide any UI-level access control settings to avoid non-secure client-side access checks. However, it's possible to make behaviour of the widget UI dependent on the permissions of the current user. Use expression language functions to check whether certain contexts and their variables/functions/events are available for the current user and modify UI behaviour accordingly (e.g. hide/disable buttons, etc.):

Use available() function to check whether a certain server context exists and is available for the current user
Use hasVariable(), hasFunction() and hasEvent() to determine whether a corresponding variable/function/event exists in the specified context and is available

DPF_EXPORT_V5.8.8 / TIME_1743710534 / 2025-04-03 20:02:14 / STRLEN_1796 / STRLEN_HTML_1745

{VERSION}

Was this page helpful?