Background

When maintaining a large model, you will find that eventually you need to review what access groups there are in the model, but also how Actions and ViewModels are assigned to these groups.

You need to answer questions like, "Does the access groups for actions match with the viewmodels they navigate to", or, "Do I have ViewModels that has no access group assigned, and therefore are open for access".

Here are some OCL queries and EAL code that both finds potential problems and corrects them if needed. Please adapt this code to your needs.

Code

Find all ViewModels (called "Span" in the internal model) with no access group but has actions navigating to it that has access groups.

Probably these viewmodels needs securing.

Span.allInstances->select(s|s.AccessGroups->isEmpty and s.CriteriaForServerSideExecute->isEmpty and s.UsePlacingHints and s.ShowByActions->notEmpty)->
  collect(s|s.Name, s.AccessGroups.Name->asCommaList, (s.ShowByActions->collect(a|a.Name + ' AG:' + a.AccessGroups.Name->asCommaList))->asCommaList)

ViewModel that no actions navigate to

Somewhat odd ViewModels that seems to be used for UI, but there's no way to reach them with an action.

Span.allinstances->select(s|s.ShowByActions->isEmpty and s.CriteriaForServerSideExecute->isEmpty and s.UsePlacingHints )->collect(span | span.Category.Name, span.Name, span.Class.Name, span.CodeComment)->orderBy(x|x.Name, x.Name1)