Hiding Association Types Based On Security Role


There may be security implications in allowing all editors to see all the roles that are played, or may be played, by a particular page in the topic map. The EPiServer Module supports schema annotations that specify particular association types which the classification editor should not show unless the user is a member of one of a set of security roles.

EPiServer CMS 6 and later supports the .NET security model, including users that operate in particular security roles (we will always refer to them as security roles to avoid ambiguity with the concept of topic map association roles).

Users (or Principals) that are logged in to an EPiServer system may be assigned to particular security roles within the system. An editor, therefore, may be a member of several security roles in addition to being given the "Editor" role. The TMCore EPiServer Module uses the security role mechanism to let the administrator configure some of the association types to be hidden from a user depending on the security roles that user is in.

Using the same example as we used for hiding particular association types: if we wanted to allow only "PowerEditors" and "Administrators" to see that Themes may be associated with Documents, we would create an occurrence/NPCL Extension of type http://psi.networkedplanet.com/extensions/episervermodule/allowOnlyRoles with its value set to a semi-colon delimited list of the security roles that are permitted: PowerEditors;Administrators.

If this occurrence is omitted, then all security roles are permitted (no security checks are done).

If you wish to totally hide an association type from all but a specific set of security roles, then you must add the occurrence to both roles of the association.
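
The rules above can be modelled in a few lines of C#. This is an added illustration, not code from the TMCore EPiServer Module: the class and method names are hypothetical, and trimming list entries and treating an empty value as "no role permitted" are assumptions made here.

```csharp
using System;
using System.Linq;
using System.Security.Principal;

// Hypothetical model of the documented allowOnlyRoles semantics (not TMCore code).
static class AllowOnlyRolesCheck
{
    // occurrenceValue: value of the allowOnlyRoles occurrence on one
    // association role, or null when the occurrence is omitted.
    public static bool IsVisible(string occurrenceValue, IPrincipal user)
    {
        // Documented: no occurrence means no security check is done.
        if (occurrenceValue == null) return true;

        // Semi-colon delimited list. Assumption: entries are trimmed and
        // empty entries dropped, so an empty value permits nobody.
        var allowed = occurrenceValue
            .Split(';')
            .Select(r => r.Trim())
            .Where(r => r.Length > 0);

        // Membership of any one listed security role is sufficient.
        return allowed.Any(user.IsInRole);
    }

    static void Main()
    {
        // Constructed sample principals.
        var power = new GenericPrincipal(
            new GenericIdentity("alice"), new[] { "Editor", "PowerEditors" });
        var plain = new GenericPrincipal(
            new GenericIdentity("bob"), new[] { "Editor" });

        const string annotated = "PowerEditors;Administrators";

        Console.WriteLine(IsVisible(annotated, power)); // True
        Console.WriteLine(IsVisible(annotated, plain)); // False

        // Occurrence added to only one role of the association: the other
        // role has no occurrence, so a plain editor still sees the
        // association type from that side.
        string annotatedRole = annotated, otherRole = null;
        Console.WriteLine(IsVisible(annotatedRole, plain)); // False
        Console.WriteLine(IsVisible(otherRole, plain));     // True

        // Occurrence added to both roles: hidden from both sides.
        otherRole = annotated;
        Console.WriteLine(IsVisible(otherRole, plain));     // False
    }
}
```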