Each permission defined in Visual Guard can have Property Actions or Script Actions associated with it. These are codified changes to make to your application, written and managed in the administrative console and executed at run-time of the application. You can do something as simple as create a ViewGrid permission and set the Visible property on a grid to true if the user has that permission. Once the permissions are defined, this can be managed by your operations or security teams with no intervention from a developer required. There are more advanced integrations available that involve a developer modifying code to provide additional security checks if that is what you require. However, this is too cool for me to be able to delegate the authorization checks of my application to the operations team!
Another interesting feature that Visual Guard could help me with is multi-tenancy. I have architected and written several large multi-tenant applications in my past, and the story of data access and security is always a sticky one to describe and get correct with thousands of lines of code to manage. Visual Guard has built in inheritance of permissions from group to child-group. This hierarchy is a nightmare to manage in a SQL database, and I can now rely on Visual Guard to apply that hierarchy and data-filter for me.
Finally, there is always a question of accountability. Who performed what secured operation and what time in the application? In the past, I’ve written huge database tables and logging mechanisms to provide this auditability of secure content. Visual Guard provides an audit report that outputs all records of security checks in your applications. After having handcrafted several of these services, I am happy to see that I don’t need to do that again. According to the docs from Novalys, Visual Guard is HIPPA and SOX compliant ... another headache that I can leave to professionals who are focused on that task.
My mindset on security has changed. No longer do I view it as an afterthought that can be added to my code once I have the core functionality working. Now I see security as something that I can partner with my operations team to implement. I can enable them to secure the services we are producing with the help of Novalys Visual Guard. This leads to more secure systems, security officers who are more aware of how software services are secured and more secure control of authorization capabilities within those facilities.
Disclosure of Material Connection: I received one or more of the products or services mentioned above for free in the hope that I would mention it on my blog. Regardless, I only recommend products or services I use personally and believe my readers will enjoy. I am disclosing this in accordance with the Federal Trade Commission’s 16 CFR, Part 255: "Guides Concerning the Use of Endorsements and Testimonials in Advertising.