A new screen was added: SmartContextStoreDesktop.
This screen allows the user to list user sessions from the database and lock a selected user session form the grid.
As a backend entity, it uses Consultingwerk.SmartFramework.Context.ContextStoreBusinessEntity.
For now, by default, all user sessions are available in the grid, for all users and all domains.
If you decide to make the screen available in the application, you should restrict access to it using the Security Desktop first.
You can restrict access to the screen/sessions from the Security Assignment Tab in the Security Desktop.
Here, there are two things you can set:
1) The Access to the Screen itself. This is done through the use of the SMF (Smart Menu Function) token.
Create a new security assignment with
- Security Realm: SMF
- Security Item: Name-of-the-function-which-launches-desktop
- Restricted: true/false
Based on the desired access, you can either set the restrictions at the group level or at the user level. You can also leave both User and User Group blank. This will restrict access to all users by default.
In the above screenshot, access to the menu function is restricted by default for every user, except for the akAdmin group.
2) You can set a SST (Smart Security Token): 'ListUserSessions' to either restricted or unrestricted.
When the ListUserSessions token is unrestricted for a user/group, that user/group will get access to the entire list of sessions from the database, for all the users and all domains.
When the ListUserSessions token is set to restricted, that user will only get access to their own sessions.
This token can also be set from the Security Assignment Tab:
- Security Realm: SST
- Security Item: ListUserSessions
- Restricted: true/false
Like the security assignment for the menu function, this can also be set to restricted by default for all users, by leaving the user/user group blank by default. That means all users will only be able to list their own sessions.
In the above screenshot, every user, except the akAdmin group has restricted access. That means that every user that has access to this new screen and is NOT an akAdmin will only be able to list their own sessions. AkAdmins will be able to view all the sessions the the window grid.
In the future, in order to allow the possibility to restrice access to user sessions per domain, we will add a new SST attribute: ListGlobalSessions.
This attribute can be set in combination with the existing one, ListUserSessions. By default, the new attribute will be set to unrestricted access ONLY for akAdmins.
See below table for possible combinations of the two attributes.
| ListUserSessions restricted | ListUserSessions unrestricted | |
| ListGlobalSessions restricted | User will only see his/her sessions. | User will see all sessions for his/her domain/s. |
| ListGlobalSessions unrestricted | User will only see his/her sessions. | User is able to see all the sessions in the database, for all users and all domains. |