Skip to main content
A newer version of this page is available. .

Security System Overview

  • 6 minutes to read

This topic describes the Security System’s permission types. Configure permissions in a role and assign it to a user. Each user should have at least one role. The Security System checks permissions for each role and determines access rights as described in the Merging of Permissions Defined in Different Roles topic.

Administrative Permission

The IPermissionPolicyRole.IsAdministrative option grants all available permissions to a role.


You cannot deny any rights for a role with the Administrative Permission.

Edit Model Permission

The IPermissionPolicyRole.CanEditModel option allows users associated with the current role to use the Model Editor.


When the Edit Model or Administrative permission is granted, the EditModel Action is available in the Tools category.


Permission Policy

The Permission Policy determines the Security System’s behavior when a specific type, object or member does not have explicitly specified permissions. Refer to the Permission policies topic for more information.


In XAF applications, you can manage access to navigation control‘s items in the Navigation Permissions tab. You can grant or deny a permission for a single navigation item or for the whole navigation group as shown on the image below:


Item permissions have a greater priority than group permissions. For instance, if you deny access to the group, but grant access for one of its items, this item is enabled in the navigation control.


Navigation permissions manage the visibility of the navigation control’s items. They do not grant or deny access to navigation items’ associated business objects. Use Type permissions or Object permissions to manage access to these objects.


  • Individual navigation items do not support Navigation permissions when the Deny Permission Policy is selected. The Navigation Permissions tab is not available in this mode. However, you can specify navigation permissions for each type in the Type Permissions tab.
  • If you created an application in XAF v16.1 or earlier, you should upgrade an application’s project to the Allow/Deny Permissions Policy to enable the Navigation Permissions tab. If you use the Entity Framework as the ORM system, you may also need to perform a migration to specify permissions for each navigation item.
  • Mobile applications do not provide a special Property Editor for modifying a navigation item list. You can input or modify them only as a string with item names separated by a semicolon. Note that XAF does not validate these item names.

Type Permissions

The Type Permissions tab specifies access to all objects of a particular type. The image below illustrates the PermissionPolicyUser Detail View.


The following operation types can be granted or denied:

Operation Description
Read Objects of the current type are readable. To make an object read-only, allow the Read operation and deny the Write operation.
Write Objects of the current type are editable.
Create New objects of the current type can be created. Note that granting Create without Write does not allow a user to save new objects.
Delete Objects of the current type can be deleted.

Object Permissions

Object permissions grant access to object instances that fit a specified criterion. The following image illustrates the Object Permissions tab in the Type Operation Permissions dialog.


Member Permissions

Member permissions grant access to specific members of an object. Double-click a record in a type permission list invokes the following dialog.


For example, users can have access to objects of a particular type and simultaneously have no access to several members of this type. For another example, it is possible to deny access to objects of a particular type and only allow access to a strict list of its members. You can set a Members value to a string that is a semicolon-separated list of property names. In WinForms and ASP.NET applications, the CheckedListBoxPropertyEditor simplifies the specification of a Members value (select member names in the combo box).


You can also specify a criterion for a Member permission entry. The entry is active when the current object meets the criterion.



  • Mobile applications do not provide a special Property Editor for modifying a member name list or criterion, so you can input or modify them only as a string. Note that XAF does not validate these property names and criterion.
  • When a new object is created (and not yet saved), the Member permissions do not affect the editors’ enabled/disabled state. However, the permissions will be correctly handled on saving. You can use the Conditional Appearance Module to disable required editors for a new object.

Permissions for One-to-Many and Many-to-Many Associations

The Security System automatically configures permissions for one side of an association if the other side is specified. The Permissions for Associated Objects topic describes this behavior. You can also specify permissions for both sides of an association. Refer to the How to: Manually Configure Permissions for Associated Collections and Reference Properties topic for more information on this approach.

Reference Properties Access

To determine whether access to reference properties such as AssignedTo and complex reference properties such as AssignedTo.Name is allowed, the Security System checks the current type’s Type permissions, the reference property type’s Type permissions, and each member’s Member permissions (in the property path). For example, when the SecuritySystem.IsGranted method is called to determine whether the current user can modify the AssignedTo.Name property, the Security System checks the following operations:

  • the ‘Read’ operation for the current type;
  • the ‘Read’ operation for the AssignedTo property of the current type;
  • the ‘Read’ operation of the referenced type;
  • the ‘Write’ operation for the Name property of the referenced type.

Restrict Non-Persistent Types Access

Non-persistent object types are not included in the Type permissions list and are accessible to everyone. Add the non-persistent object type to the static SecurityStrategy.AdditionalSecuredTypes collection to include this type in the Type permissions list.



Non-persistent types support only the Type and Member permissions, and the Security System applies these permissions only at the UI Level. Refer to the Client-Side Security (2-Tier Architecture) - UI Level Mode topic for more information about this mode and its limitations.

Check Security Permissions in Code

Use the static SecuritySystem class to make a request to the Security System and check permissions in code. See an example in the Access the Security System in Code topic.

Refer to the following topics for more information on security customization:

See Also