Telerik Platform provides an out-of-the-box user management solution with support for all common user operations such as:
- User registration
- User authentication and authorization
- Role management
- Recovering user accounts (reset password)
- Linking and unlinking user accounts from social providers or AD FS providers
- Sending automated emails
In this article you will learn how to create user accounts through the Telerik Platform web user interface (UI) and how to manage data permissions.
Steps at a glance:
- Create a User Account
- Verify the Account
- Specify What Data the User Can or Cannot Access
- Test the RESTful Endpoint
Prerequisites:
- A Telerik Platform account.
- A content type created in your Telerik Platform app structured as described in Getting Started with Data.
- The App ID for your Telerik Platform app. You can access it from Settings.
After you have the User Management service set up, you can proceed to creating user accounts:
- Open your app.
- Navigate to Users > Users Browser.
- Click the Add a user button. The Add a user form appears.
Fill in all the fields, keeping these things in mind:
- You will need the Username and Password for other user tasks such as integrating user authentication in your application code; write them down or make sure you remember them.
- You will need access to the mailbox of the email address you provide in order to receive the user's Welcome and Verify Your Account emails.
- Telerik Platform stores the password securely in the database using an irreversible password hash; the plaintext password is never stored.
- All user accounts are assigned the default role set for your Telerik Platform app. You can manage the default role or add new roles by going to Users → Roles in the left-side navigation.
Click Save when you are ready.
You can also create user accounts programmatically using the approach explained in Registering Users.
Telerik Platform automatically handles the verification process for each new user by sending an automated email titled Verify your account that contains a verification link. In addition, the user receives a Welcome email that greets them on behalf of your application.
Go to Users in the left-hand navigation pane and then click Automated Emails to edit the email templates or click Emails Settings to manage other email-related settings.
To verify the user account, log in to the mailbox of the email address you provided earlier, find the Verify your account message and click the verification link.
The account is now verified, and the VERIFIED column for the user in the Users Browser shows Yes.
Note that Telerik Platform itself treats verified and unverified accounts the same: an unverified account can authenticate and access data according to its role. If verification matters for your application (for example, before allowing a user to post content), implement that check in your own code based on the VERIFIED field.
After creating the user account, you can proceed to granting or denying it access to various data in your application.
You do that by specifying the content type's permissions model.
- Choosing the Private model allows authenticated users to read and write only their own data in the respective content type.
- Choosing the Shared model allows authenticated users to read and write shared data in addition to their own data in the respective content type.
- Choosing the Role-based model allows you to specify granular permissions (Read, Create, Update, Delete) for each of the predefined roles. For example, you can grant Read permission to users in the Anonymous role while denying them Create, Update and Delete.
Take the following steps to manage role-based permissions through the UI:
- Navigate to Data > Permissions.
- Locate the content type that you want to manage.
- Click the drop-down menu next to the content type name and select Role-based.
- Use the check boxes to set granular permissions.
- Click the Save button.
To understand how permissions work, assume that you want to give the following roles the following permissions on the content type:
- Anonymous (i.e. unauthenticated users) is denied any access
- Registered (i.e. the default role of the application) can read and create new data, but cannot modify or delete existing data
- Owner (defaults to the user who created a given item; can be changed) can read all data items (inherited from Registered) and modify or delete their own items
To achieve this, make sure that:
- All check boxes for the Anonymous role are cleared
- The Read and Create boxes for the Registered role are checked and that Update and Delete are cleared
- All boxes for Owner are checked
The next image shows the result of taking these actions.
You can learn more about roles in Role-based security.
To manage permissions programmatically, see Introduction to Access Control.
With the App ID of your Telerik Platform app and the content type name at hand, you have a unique endpoint at your disposal that exposes all CRUD operations with the content type. You can access it using this URL:
Test it in your browser or using your favorite tool for making HTTP requests.
If you set your content type's permissions as suggested in the example above, anonymous requests to the content type will be forbidden: you will receive an Access Denied error with a 403 HTTP status code. A request that carries a valid access token for a Registered user succeeds for Read and Create, while Update and Delete succeed only for the item's owner.
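The following Python block is an added example, not Telerik Platform code, that models the Role-based permission matrix from the walkthrough above (Anonymous denied, Registered Read and Create, Owner everything on their own items) and simulates the RESTful endpoint's responses to it, including the 403 Access Denied for anonymous requests. The class names, the in-memory store, the content type name "Activities", the item ids and the exact response payloads are assumptions made for illustration; only the roles, the HTTP method to CRUD mapping and the 403 behaviour follow the page.

```python
"""Offline model of a Role-based permissions model on one content type.
Added example for this page; not Telerik Platform's own code. Everything
beyond the roles, method->operation mapping and 403 response is assumed."""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

METHOD_TO_OPERATION = {"GET": "Read", "POST": "Create", "PUT": "Update", "DELETE": "Delete"}


@dataclass
class User:
    username: str
    role: str = "Registered"   # assumed default role of the app
    verified: bool = False     # VERIFIED column; the model ignores it, as the platform does


@dataclass
class Item:
    item_id: str
    owner: Optional[str]       # defaults to the creating user; can be reassigned
    data: dict


class ContentType:
    """One content type with a role -> allowed-operations permission matrix."""

    def __init__(self, name: str, permissions: Dict[str, Set[str]]):
        self.name = name
        self.permissions = permissions
        self.items: Dict[str, Item] = {}
        self._next_id = 1

    def allowed(self, user: Optional[User], op: str, item: Optional[Item]) -> bool:
        """Role permission first; Owner permissions apply only to an existing item owned by the caller."""
        role = user.role if user else "Anonymous"
        if op in self.permissions.get(role, set()):
            return True
        if user is not None and item is not None and item.owner == user.username:
            return op in self.permissions.get("Owner", set())
        return False

    def handle(self, user: Optional[User], method: str, item_id: Optional[str] = None,
               body: Optional[dict] = None) -> Tuple[int, dict]:
        """Simulate the REST endpoint: returns (HTTP status, JSON-like payload)."""
        op = METHOD_TO_OPERATION[method]
        item = self.items.get(item_id) if item_id else None
        if item_id and item is None:
            return 404, {"message": "Not found"}
        if not self.allowed(user, op, item):
            return 403, {"message": "Access Denied"}
        if op == "Create":
            new_id = str(self._next_id)
            self._next_id += 1
            owner = user.username if user else None
            self.items[new_id] = Item(new_id, owner, dict(body or {}))
            return 201, {"Id": new_id, "Owner": owner}
        if op == "Read":
            if item is not None:
                return 200, {"Id": item.item_id, "Owner": item.owner, **item.data}
            return 200, {"Result": [{"Id": i.item_id, "Owner": i.owner, **i.data} for i in self.items.values()]}
        if op == "Update":
            item.data.update(body or {})
            return 200, {"Id": item.item_id}
        del self.items[item_id]          # Delete
        return 200, {"Id": item_id}


def example_content_type() -> ContentType:
    """The permission matrix described in the walkthrough (content type name assumed)."""
    return ContentType("Activities", {
        "Anonymous": set(),
        "Registered": {"Read", "Create"},
        "Owner": {"Read", "Create", "Update", "Delete"},
    })


def demo() -> Dict[str, int]:
    """Exercise the endpoint as anonymous, as a Registered user and as the item's owner."""
    ct = example_content_type()
    alice, bob, anon = User("alice"), User("bob"), None
    results = {}
    results["anon_read"] = ct.handle(anon, "GET")[0]                                # 403
    results["anon_create"] = ct.handle(anon, "POST", body={"Title": "x"})[0]        # 403
    status, created = ct.handle(alice, "POST", body={"Title": "Hike"})
    results["alice_create"] = status                                               # 201
    item_id = created["Id"]
    results["bob_read"] = ct.handle(bob, "GET", item_id)[0]                         # 200
    results["bob_update"] = ct.handle(bob, "PUT", item_id, {"Title": "Run"})[0]     # 403
    results["alice_update"] = ct.handle(alice, "PUT", item_id, {"Title": "Run"})[0] # 200
    results["bob_delete"] = ct.handle(bob, "DELETE", item_id)[0]                    # 403
    results["alice_delete"] = ct.handle(alice, "DELETE", item_id)[0]                # 200
    results["deleted_read"] = ct.handle(alice, "GET", item_id)[0]                   # 404
    return results


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Run it to see each request's status. The owner check in allowed is evaluated only when an item already exists, which is why Owner permissions never let an anonymous caller create data and why a Registered user who did not create an item gets 403 on PUT and DELETE even though Read succeeds.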
- Registering Users
- Authenticating Users
- Verifying User Accounts
- Introduction to Social Login
- Integrating Active Directory Federation Services