Component security being overridden

We had used Component security on a button to restrict its use to Administrators only - if a user wasn’t an administrator, the button was disabled. We also only wanted to enable the button when a window parameter was one of several values - we implemented this by putting an expression on the window’s enabled property.

What we found was that the expression on the enabled property was overriding the Component security - if the expression was true, the button was enabled, no matter whether the user was an administrator or not.

I would have thought that the Component security should take precedence over any other binding?

The built-in security does take precedence, but not in the way you think. When the window first opens, the ‘enabled’ property is set based on security, but after that any bindings or scripts that change the ‘enabled’ property will still update it because the security doesn’t actively monitor it.

To make your button behave the way you want it to, you will have to add something to your existing binding. I recommend adding a boolean property that uses something like: if(indexOf({[System]Client/User/RolesString}, "Admin")=-1,0,1) to determine if the user is an Admin and add that property to your existing expression binding.

Thanks Bobby, that’s exactly what we did. Your explanation clarifies what was happening.