You can give both internal users and external users access to your instance. However,
you might not want both types of users to have the same level of access. To provide added
security, every user must have at least one role so that the instance can distinguish between
internal and external users.
Important: Some functions of the Explicit Roles plugin (identified
below) are effective only with Jakarta Patch 7 (JP7) and above.
External users must obtain, at minimum, the snc_external role. The snc_external role indicates
that the user is external to your organization and should not have any access to resources
unless explicitly allowed through ACLs for the snc_external role or additional roles. By
default, users with the snc_external role are unable to access non-record type resources as
well, such as processors and UI pages.
Do not mark the snc_internal role as elevated. Otherwise, internal users cannot access the
Note: You can use with the snc_internal and snc_external
roles. However, adding encryption contexts to more detailed roles is recommended.
Explicit Roles plugin
The Explicit Roles (
com.glide.explicit_roles) plugin provides the
snc_external and snc_internal roles.
When this plugin is activated:
Do not move System update sets
among instances with and without the Explicit Roles plugin
Note: This plugin also requires the plugin.
Providing access to external users
You can grant external users access to tables be creating a set of ACLs for the table. See
Another approach you can take is to give all external users access to all tables, and then
restrict access to specific tables. You can do this by adding the snc_external role to the
* ACL that is of Type=ui_page.
The hasRoles() method
hasRoles() method is still available, but is deprecated in the Geneva
release. Use the
hasRole(role name) method instead.
If you do use the
method, note these changes:
- This method automatically excludes the default snc_internal role when it checks for roles.
If a user has only the snc_internal role, the
hasRoles() method still
- If the user has the snc_external role, the method returns false
because the instance considers external users to be without a role.