Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For end users of a PhixFlow application, we recommend that access to PhixFlow itself is restricted. You can ensure that users can only access applications as follows.

  • Set up Create an App User role with only the essential privileges (listed below).
  • Assign application users to the App User role. They will have no access to the repository lists of dashboards, views, streams or any other modelling objects.
  • Configure a default dashboard to act as a landing page when user logs into PhixFlow that is, setting a default dashboard for their User.
  • Ensure that all the navigation that they require is available in the application's menu options or Action buttons on dashboards.

...

Creating the App User Role 
Anchor
appuser
appuser

PhixFlow has a set of pre-configured user roles. However, there is no pre-configured role for an application user.

...

  1. In the Full Repository, right-click Role and select 
    Insert excerpt
    _add
    _add
    nopaneltrue
    .
  2. In the role properties, set Basic Settings → Name to App User.
  3. In the Roles section toolbar, click 
    Insert excerpt
    _roles
    _roles
    nopaneltrue
     to open the list of roles.
  4. Drag in the following privileges:
    • Run Stream Actions
    • View Applications
    • View Dashboards
    • View Data
    • View Layout Components
    • View Styles
    • View Filters
    • View Menu Items
    • View Menus
    • View Streams
    • View Stream Actions
    • View Stream Views
    • View Styles
  5.  Click 
    Insert excerpt
    _finish
    _finish
    nopaneltrue
     to save and close the new role.
  6. Add the App User role .

Considerations for app building

...

  1. to the user groups that need access to the application.

Planning User Access to Screens

Remember that when you design an application, you will have different types of user. For each type of user you must:

...

Restricting access to dashboards, streams and views can be useful in some cases, but when putting apps together with the method described in this article it is not required, since end users are not able to navigate to these except via action buttons, and their access to actions buttons is controlled. If you restrict access to these components you will need to add these privileges to the relevant user groups, and this useful when users can only navigate to the screens using action buttons. You can also control access to actions buttons (see below). If you limit access to dashboards, streams or stream views, to specific user groups, remember to add the required privileges to the user groups.

Note

This can easily become complex and hard to manage.

Controlling

...

With this in place, access to apps can be controlled as follows:

...

Access Using Action Buttons

  1. Create a set of user groups that to represent all application user roles.
  2. To each user group add access to the actions buttons that give access to the tasks and routes to other dashboards required by this role – only the group of users need to access
    •  tasks
    •  other dashboards
  3. Only associate the privileges specifically for this role, not for this role and everything “underneath” it.
  4. At least one user group must contain the role App User - for clarity, it is best if the App User is only in one of the user groups added for users (commonly via an "App User" user group)App User role.
  5. Layer the user groups onto the users so that they end up with the access they need.