Example Four: Matching and Target Roles
An application can temporarily add some of its users to a set of roles using matching and target roles. If the user is a member of the matching role when entering the application, the application adds the user to the target roles. When users exit the application, they lose their membership in the target roles.
The following example demonstrates creating a matching role and target role for the /csp/user application.
Open the /csp/user CSP application definition.
Click the Matching Roles tab. Then do the following:
Select SecurityTutorialRole from the Select a matching role drop down list. Select a role from the Available column on the left of the form. In the example, %DB_DOCBOOK is selected.
Click the arrow in the middle. This displays the role on the Selected column on the right.
Click the Assign button.
The top half of the interface shows SecurityTutorialRole as a matching role and %DB_DOCBOOK as the target role.
Now open HomePage.cls in a Web browser. Enter JSmith for the user name and password and click Login. Since JSmith is a member of SecurityTutorialRole (the matching role), HomePage.cls displays %DB_DOCBOOK (the target role) among the roles that JSmith belongs to.
If a user is already a member of a target role before entering the application, then the application does not assign the user to any new roles and does not remove the user from any roles.