It will commonly be the case that access to any model will require a user to ‘log in’ to the site in order to connect them with data modified in a previous session. Some clients may have arranged federated access credentials from their own IT infrastructure, but more typically the set of user IDs will be managed by Implied Logic Support. In general terms, it may be desirable to give different users access to different models.
Access to each model or model folder is controlled by one or more rules in a web.config file in the relevant folder which limits access to that folder and its sub-folders. Rather than name each specific user in every web.config file, an intermediate layer of access roles is used to map users to particular model clusters.
For example, if you wanted a two-tier system of public and private models, you could achieve this by placing every private model under a models\private folder which contained an access rule allowing access for a role called ‘Private models’, and then associating every user who should have access to these private models with that role.
An example of a role-based access rule
If you just want to force users to log in without requiring the definition of a role for all models, then you can use the syntax <deny users="?" />.