Skip to main content

Controlling Access to CSP Pages

In addition to adding authentication (not explicitly described here), you can make your pages private and you can require permissions to use pages.

These options are combined with the security settings of the web application in which the CSP pages are executed.

Making a Page Private

If you make a page private, when a user tries to display the page, the browser shows a message saying Forbidden.

To make a page private, so that it can be accessed only via links from other CSP pages, specify the PRIVATE class parameter as 1:

Parameter PRIVATE = 1;

By default, pages are public.

Requiring Permissions to Use the Page

Use the SECURITYRESOURCE class parameter to limit access to CSP pages. For example:

Parameter SECURITYRESOURCE = "%Development:USE";

The SECURITYRESOURCE parameter must be a comma-delimited list of system resources and the required permissions for each. You can specify an OR condition using the vertical bar (|) and an AND condition using a comma (,). A user must hold the specified permissions on all of the specified resources in order to view this page or invoke any of its server-side methods from the client.

An item in the list has the following format:

Resource[:Permission]

Resource is any of the resources defined on the server. Navigate to System Administration > Security > Resources for a list of resources.

Permission is one of USE, READ, or WRITE. Optional; default is USE.

For another example:

Parameter SECURITYRESOURCE = "R1,R2|R3,R3|R4" ;

This example means the user must have resource R1 AND one of (R2 OR R3) AND one of (R3 OR R4). If the user has R1,R3 they can run the page. If the user has R1,R4, they cannot run the page, as they do not meet the R2 OR R3 condition. The vertical bar (|) OR condition takes precedence over the comma (,) AND condition.

FeedbackOpens in a new tab