Checking access restrictions in The Raiser’s Edge

In a recent project I had to ensure that specific confidential information was being saved as an action. I had a custom screen where this data was going to be viewed and edited. Only certain users had access to that action, using security by action types. I had to check whether the current user was able to view the action and, if they could, whether they were able to edit the details. There are useful methods for this in the API and I assumed it would be a simple task to use them.

The methods can be found under the SessionContext.Security interface. The interface consists of a number of “AccessTo” methods. In this case I was interested in AccessToActionTypes, which checks whether the user has access to an action with a specific action type. I called the method with my table entry id and left all the other values at their defaults, as shown below.

SessionContext.Security.AccessToActionTypes(tableEntriesID)

What this says is: return true if the current user has access to the action type with that table entry id. However, it never worked, even for users that clearly did have the rights. The reason for this can be seen when we look at the default values.

SessionContext.Security.AccessToActionTypes(tableEntriesID, ESecuritySpecificAccess.SpecificAccess_ALL)

The next parameter specifies which access rights the user should have. What is not clear is that it is not possible to have “ALL” rights to access actions by action type. Here is a list of the other options:

ESecuritySpecificAccess.SpecificAccess_ADD
ESecuritySpecificAccess.SpecificAccess_DELETE
ESecuritySpecificAccess.SpecificAccess_EDIT
ESecuritySpecificAccess.SpecificAccess_VIEW

When we look in the security area of The Raiser’s Edge, there are only rights to view and edit. There is no reference to delete. By saying that we want “ALL” rights, we are also saying that we want delete too, which is not actually an option. When I added a specific right of view or edit, it worked perfectly.
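
The behaviour described above can be modelled outside the product. The following is an added example, not code from the original post and not the Raiser’s Edge API: the Access enum, access_to_action_type and screen_mode are constructed names, and treating “ALL” as every listed right is an assumption (the post confirms only that it includes delete).

```python
from enum import Flag, auto


class Access(Flag):
    """Constructed stand-in for the ESecuritySpecificAccess values listed above."""
    VIEW = auto()
    EDIT = auto()
    ADD = auto()
    DELETE = auto()
    # Assumption: ALL is every specific right. The post confirms only
    # that asking for ALL also asks for DELETE.
    ALL = VIEW | EDIT | ADD | DELETE


# Per the post, the security area offers only view and edit per action type.
GRANTABLE = Access.VIEW | Access.EDIT


def access_to_action_type(granted, required=Access.ALL):
    """Model of the check: True only if every required right is held."""
    held = granted & GRANTABLE  # a right that cannot be assigned is never held
    return (held & required) == required


def screen_mode(granted):
    """Decide how a custom screen should treat the confidential action.

    Asks for each right explicitly instead of relying on the ALL default,
    and fails closed: edit without view still hides the data.
    """
    if not access_to_action_type(granted, Access.VIEW):
        return "hidden"
    if access_to_action_type(granted, Access.EDIT):
        return "editable"
    return "read-only"


if __name__ == "__main__":
    full = Access.VIEW | Access.EDIT
    print("default (ALL) check:", access_to_action_type(full))
    print("explicit VIEW check:", access_to_action_type(full, Access.VIEW))
    for rights in (Access(0), Access.VIEW, Access.EDIT, full):
        print(rights, "->", screen_mode(rights))
```

In this model a user with both grantable rights still fails the default check, which matches the symptom in the post, while the explicit view and edit checks give the three states the custom screen needs.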