Skip to main content
BuyLog In
XAF: Cross-Platform .NET App UI & Web API
Search in…
Docs > API Reference > DevExpress.Persistent.BaseImpl.EF > Role > Properties > AutoAssociationPermissions
All docs
V23.2
.NET 6.0+
XAF: Cross-Platform .NET App UI & Web API
Getting Started
Installation, Upgrade, Version History
Backend Web API Service
UI Shell and Base Infrastructure
Storage, ORM, and Business Model Design
Data Manipulation and Business Logic
User Interface and Behavior Customization
Data Filtering
Application Security and Data Safety
Multi-Tenancy (Data per Tenant)
Validation (Prevent Data Errors)
Conditional Appearance (Manage State of UI Elements)
Reporting (Shape, Export & Print Data)
Analytics (Extract Data Insights)
Document Management
Business Process Management
Event Planning
Localization
Accessibility Support
Debugging, Testing and Error Handling
Deployment
Support, QA & Troubleshooting
API Reference
DevExpress.EasyTest.Framework
DevExpress.EntityFrameworkCore.Security
DevExpress.ExpressApp
DevExpress.ExpressApp.Actions
DevExpress.ExpressApp.ApplicationBuilder
DevExpress.ExpressApp.AspNetCore
DevExpress.ExpressApp.AuditTrail
DevExpress.ExpressApp.Blazor
DevExpress.ExpressApp.Blazor.ApplicationBuilder
DevExpress.ExpressApp.Blazor.Editors
DevExpress.ExpressApp.Blazor.Editors.Grid
DevExpress.ExpressApp.Blazor.Editors.Models
DevExpress.ExpressApp.Blazor.Services
DevExpress.ExpressApp.Blazor.SystemModule
DevExpress.ExpressApp.Blazor.Templates.Navigation
DevExpress.ExpressApp.Chart
DevExpress.ExpressApp.Chart.Win
DevExpress.ExpressApp.CloneObject
DevExpress.ExpressApp.ConditionalAppearance
DevExpress.ExpressApp.Core
DevExpress.ExpressApp.Dashboards
DevExpress.ExpressApp.Dashboards.Blazor
DevExpress.ExpressApp.Dashboards.Blazor.Components
DevExpress.ExpressApp.Dashboards.Blazor.Components.Models
DevExpress.ExpressApp.Dashboards.Blazor.Controllers
DevExpress.ExpressApp.Dashboards.Blazor.Services
DevExpress.ExpressApp.Dashboards.Win
DevExpress.ExpressApp.Data
DevExpress.ExpressApp.DC
DevExpress.ExpressApp.DC.ClassGeneration
DevExpress.ExpressApp.Editors
DevExpress.ExpressApp.EFCore
DevExpress.ExpressApp.FileAttachments.Blazor
DevExpress.ExpressApp.FileAttachments.Win
DevExpress.ExpressApp.Filtering
DevExpress.ExpressApp.Kpi
DevExpress.ExpressApp.Layout
DevExpress.ExpressApp.MiddleTier
DevExpress.ExpressApp.Model
DevExpress.ExpressApp.Model.Core
DevExpress.ExpressApp.Model.NodeGenerators
DevExpress.ExpressApp.ModelEditor
DevExpress.ExpressApp.Notifications
DevExpress.ExpressApp.Notifications.Win
DevExpress.ExpressApp.Office
DevExpress.ExpressApp.Office.Blazor
DevExpress.ExpressApp.Office.Win
DevExpress.ExpressApp.PivotChart
DevExpress.ExpressApp.PivotChart.Win
DevExpress.ExpressApp.PivotGrid
DevExpress.ExpressApp.PivotGrid.Win
DevExpress.ExpressApp.ReportsV2
DevExpress.ExpressApp.ReportsV2.Blazor
DevExpress.ExpressApp.ReportsV2.Services
DevExpress.ExpressApp.ReportsV2.Win
DevExpress.ExpressApp.Scheduler
DevExpress.ExpressApp.Scheduler.Blazor
DevExpress.ExpressApp.Scheduler.Blazor.Editors
DevExpress.ExpressApp.Scheduler.Win
DevExpress.ExpressApp.ScriptRecorder
DevExpress.ExpressApp.ScriptRecorder.Win
DevExpress.ExpressApp.Security
DevExpress.ExpressApp.Security.Adapters
DevExpress.ExpressApp.Security.Authentication
DevExpress.ExpressApp.Security.ClientServer
DevExpress.ExpressApp.Security.ClientServer.Wcf
DevExpress.ExpressApp.Security.ClientServer.WebApi
DevExpress.ExpressApp.Security.EF.Adapters
DevExpress.ExpressApp.Security.Strategy
DevExpress.ExpressApp.Security.Xpo.Adapters
DevExpress.ExpressApp.Services.Localization
DevExpress.ExpressApp.StateMachine
DevExpress.ExpressApp.SystemModule
DevExpress.ExpressApp.Templates
DevExpress.ExpressApp.Templates.ActionContainers
DevExpress.ExpressApp.TreeListEditors
DevExpress.ExpressApp.TreeListEditors.Win
DevExpress.ExpressApp.Updating
DevExpress.ExpressApp.Utils
DevExpress.ExpressApp.Validation
DevExpress.ExpressApp.Validation.Win
DevExpress.ExpressApp.ViewVariantsModule
DevExpress.ExpressApp.WebApi.Services
DevExpress.ExpressApp.Win
DevExpress.ExpressApp.Win.ApplicationBuilder
DevExpress.ExpressApp.Win.Core
DevExpress.ExpressApp.Win.Editors
DevExpress.ExpressApp.Win.Model
DevExpress.ExpressApp.Win.SystemModule
DevExpress.ExpressApp.Win.Templates
DevExpress.ExpressApp.Win.Templates.Navigation
DevExpress.ExpressApp.Win.Utils
DevExpress.ExpressApp.Xpo
DevExpress.ExpressApp.Xpo.Utils
DevExpress.Persistent.AuditTrail
DevExpress.Persistent.Base
DevExpress.Persistent.Base.General
DevExpress.Persistent.Base.ReportsV2
DevExpress.Persistent.Base.Security
DevExpress.Persistent.BaseImpl
DevExpress.Persistent.BaseImpl.AuditTrail.Services
DevExpress.Persistent.BaseImpl.EF
BaseObject
DashboardData
MediaDataObject
ModelDifference
ModelDifferenceAspect
ReportDataV2
Role
Members
Constructors
Properties
AutoAssociationPermissions
CanEditModel
ChildRoles
ID
IsAdministrative
Name
ParentRoles
TypePermissions
Users
Methods
User
DevExpress.Persistent.BaseImpl.EF.PermissionPolicy
DevExpress.Persistent.BaseImpl.PermissionPolicy
DevExpress.Persistent.Validation
Download CHM

Role.AutoAssociationPermissions Property

Specifies, whether or not the required permissions are automatically configured for associated objects/collections.

Namespace: DevExpress.Persistent.BaseImpl.EF

Assembly: DevExpress.ExpressApp.Security.EF6.v23.2.dll

Declaration

[DefaultValue(false)]
public static bool AutoAssociationPermissions { get; set; }

Property Value

Type Default Description
Boolean false

true, if permissions are automatically configured for associations, otherwise, false.

Remarks

When the AutoAssociationPermissions value is false, you should manually grant permissions to both ends of the association, as demonstrated in How to: Manually Configure Permissions for Associated Collections and Reference Properties. When the AutoAssociationPermissions property is set to true, it is sufficient to grant or revoke permissions to view or edit a reference or collection property at one end of the association, and the Security System automatically adjusts the settings for the other end of this association. The default value is true, so permissions are automatically configured for associations. However, in certain complicated scenarios with conditional permissions, you may want to disable this feature, and configure permissions for both sides of an association manually.

The AutoAssociationPermissions value can be set in the entry point of your application, e.g.:

  • in the constructor of your platform-agnostic module located in the Module.cs (Module.vb) file;
  • in the constructor of your application located in the WinApplication.cs (WinApplication.vb) or WebApplication.cs (WebApplication.vb) file;
  • in the Main method of the WinForms application located in the Program.cs (Program.vb) file, before the WinApplication.Start call;
  • in the Application_Start method of the ASP.NET Web Forms application located in the Global.asax.cs (Global.asax.vb) file, before the WebApplication.Start call.

This is how the AutoAssociationPermissions setting is treated for various data model structures and scenarios:

Non-aggregated associated reference and collection properties

  • If the Read type permission is granted, the Read member permission for the associated member will be granted automatically.
  • If the Write type permission is granted, the Write member permission for the associated member will be granted automatically.
  • If the Read member permission without criteria is granted, the Read member permission for the associated member will be granted automatically.
  • If the Write member permission without criteria is granted, the Write member permission for the associated member will be granted automatically.
  • Member permissions with criteria and object permissions are not handled due to their technical complexity.

Aggregated collection properties

  • If the Read type permission is granted, the Read type permission for the associated member type will be granted automatically.
  • If the Write type permission is granted for the parent object type, the Write, Create and Delete type permissions for the associated member type will be granted automatically.
  • If the Read member permission without criteria is granted, the Read type permission for the associated member type will be granted automatically.
  • If the Write member permission without criteria is granted, the Write, Create and Delete type permissions for the associated member type will be granted automatically.
  • If the Read member permission with criteria is granted, the Read type permission for the associated member type will be granted automatically.
  • If the Write member permission with criteria is granted, the Write, Create, Delete type permissions for the associated member type will be granted automatically.
  • Object permissions are not handled.

Important

Limitations

  • Aggregated reference properties are not handled.
  • Member permissions for more than one property including an associated member (the “;” character is used to separate multiple property names) for the other side of an association are not processed, except for aggregated associations. For instance, in our MainDemo app, there is the Department class that has a one-to-many association with the Contact class through the Contacts collection property. If you grated a member permission for the Contacts property, and the other side of the association (Contact) already defines a member permission based on the associated member (Department) and other properties at the same time (e.g., Members = “Department;Manager;NickName”), then this case will not be handled and no permissions will be granted automatically for the other side of the association.
  • Cases where more than one target member permission is defined for one side of an association are not handled, except for cases where more than one target member permission is defined on the associated side of the aggregated object.
  • Cases where more than one equal target type permission is defined for one side of an association are not handled.

Note

In EF, any reference or collection property is considered as associated by default.

See Also