However, I have 2 user sources. The "default" source is the soft fallback for the "auth" source.
The auth has roles "Supervisor" and "Operator" while the default source has an roles "default" and "Administrator".
When the project starts it uses auto-login with the default/default user. I can log in as a user with any of the roles Supervisor, Operator, or Administrator. However, the only options I have for security configuration are Supervisor and Operator. How can I give access to the Administrator role? Must I create an Administrator role in the auth source, even though none of the users would have this role?
It sounds like the security settings panel is aware of only the list of roles in the project's default User Source.
So you could add it to make that option available, or you can instead use the expression hasRole()
and create expression bindings on the enabled property or have an overlay-like component become visible. It is more manual, but more customizable.
I'm not really sure what the other option would be. Manually adding role strings sounds like a recipe for fat-fingered confusion, and refactoring Vision's setup to allow registering multiple auth profiles with the project would be a massive, risky undertaking.
No, you're right, that would be relatively easy to do. Does still invite confusion, though - the vast majority of people are not going to be in a soft failover scenario. Either way - no short term solution; you'll probably want to go with the additional (empty) role in your primary user source workaround.