Skip to main content

Example Three: Application Roles

An application can temporarily add all of its users to a set of roles called application roles. The users are members of these roles only while they use the application. When the users exit the application, they lose their membership in the application roles.

Use the Application Roles tab in the application definition to assign application roles. By default, the /csp/user application has %DB_USER as an application role. Here is the Application Roles tab from the application definition:

Red boxes highlighting the Application Roles section of the Application Roles tab

Use the form controls on the lower half of the page to add roles to the existing set of application roles.

Now, once again, execute the GET request in your REST client using the JSmith credentials. This time the request succeeds and we see that JSmith is a member of both the SecurityTutorialRole and the %DB_USER role.

Body of Postman response with username and roles

Note:

If a user is already a member of an application role before entering the application, then the application does not assign the user to any new roles and does not remove the user from any roles.

Next sectionExample Four: Matching and Target Roles
Previous sectionExample Two: Protecting an Application with a Resource
FeedbackOpens in a new tab