Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Insert excerpt
_Banners
_Banners
nameapp
nopaneltrue

This page is for application designers who need to specify which users can access an application.

Overview

Once an application is complete and ready for use, you need to configure the privileges that the application users require. To learn more about users, user groups, roles and privileges, see Managing User Groups and Privileges.

From version 9.0 onwards, PhixFlow automatically creates 2 user groups for applications:

  • appname for people who need to use the application
  • appname_Admin for people who need to manage the application and user access to it.

where appname is the same as the application's name.  

For applications created in versions earlier than 9.0, you must create these user groups. 

Use the application user groups to configure user access to your application before making it available; see Configuring Application User Privileges, below.

Planning User Access to Application Screens

Remember that when you design an application, you will have different types of user. For each type of user:

  • Consider all the screens that they need to access.
  • Decide if they start on the application's home screen or if they need a different landing screen.
    • You may want a subset of users to open your application on a specific screen (not the application's home screen). For example, the application manager may need access to task-specific options. 
  • Determine the routes that that allow them to get to screens from their landing page.
  • Add navigation menus and buttons so that users can follow these routes.

    These users can be used with a role assigned, or can  simply used to grant access where a user is a part of a group. For example, a user will need to be in the appname group in order to access the application and in the user groupd to have adequate privieleg to undertae any activity. The appname_Admin, can then be assigned to specific objects and a user must be a pat of this group to see/interact with them. For example, an admin options button can be set for appname_Admin use and only users in this groups will see it.  

    For applications created in versions earlier than 9.0, you must create these user groups. 

    Configuring Application User Privileges 
    Anchor
    appuser
    appuser

    You must configure roles for:

    application users with the following privileges

    General Application Users require the following privilege as a minimum. These can be setup in a bespoke role depending on your requirements, or alternatively use the prebuilt User role:

    • Run Actions
    • View Applications
    • View Dashboards
    • View Data
    • View Components
    • View Styles
    • View Filters
    • View Menu Items
    • View Menus
    • View Streams
    • View Stream Actions
    • View Stream Views
    • View Styles
    • application managers, with the privileges they require.

    You can configure the roles:

    either

    Application Administrators, requirements will depend on your own requirements. For example these might be user users who can see everything including all data and perform any interaction. Alternatively their role pay be administrative only and they cannot see the data in an application.

    • Any privileges required.

    Roles can be Configured

    If you need to configure a role as their is not a preconfigure role that suits, you can do the following:

    • either create on in the Full Repository, if you want all applications to make use the same role.
    • or in the application-specific repositorywithin an application, if you want to create a separate role for each application.

    Step 1  Configure Roles and Privileges 

    1. In either the Full Repository, or the application-specific repository, right-click Role and select 
      Insert excerpt
      _new
      _new
      nopaneltrue
      .
    2. In the role properties, set Basic Settings → Name. For example:
      • for application users: AppUser
      • for application managers: AppAdmin
    3. In the Roles section toolbar, click 
      Insert excerpt
      _roles
      _roles
      nopaneltrue
       to open the list of roles.
    4. Drag in the privileges for the role.
    5.  Click 
      Insert excerpt
      _finish
      _finish
      nopaneltrue
       to save and close the new role.

    If you configure the roles in the Full Repository, you only need to do this once.

    Step 2  Configure Users

    If PhixFlow does not already have user accounts for your application users, ask your administrator to add them; see User

    Optionally Set Defaults

    If a user only requires access to one application, configure Basic Settings → Default Application; see User

    If a user requires a task-specific landing screen, configure Basic Settings → Default Dashboard.

    Step 3  Configure User Groups in the Application

    1. In the application-specific repository, expand User Groups and open the application's user group. 
    2. Find the AppUser or AppAdmin role:
      • For roles created within the application, in the Roles section toolbar click  
        Insert excerpt
        _roles
        _roles
        nopaneltrue
         to open a list.
      • For roles created in the Full Repository, open the repository in a pane next to the user group properties and navigate to the role.
    3. Drag the role from the list/repository into the Role section.
    4. In the Users section of the user group properties, 
      Insert excerpt
      _user
      _user
      nopaneltrue
       to open a list.
    5. Drag users from the list into the Users section.

    Restricting Access

    Any application user can access all data and actions, unless you specifically configure restrictions.


    Note

    In general, we recommend providing all users with access to screens, tables, views and actions, as providing user access per item becomes complex and hard to manage. 

    For the following items, their properties include options that are ticked by default.

    • screens:
      • Public
      • All Users Can View Data
    • tables: All Users Can View Data
    • views: All Users Can View Data
    • actionsAll Users Can Run Action

    For greater control over access to parts of your application, you can consider restricting access.

    1. For the item you want to restrict, untick All Users Can...
      For screens, also untick Public.
    2. PhixFlow displays properties to which you can add specific user groups.

    Restricting access is most useful for where you want specific people:

    • to perform key actions, such as approval or deletion.
    • to access parts of your application.

    In this case, you apply the restriction to actions on a button. The following section explains how configure user groups and privileges to create more complex access options.

    Controlling Access Using Action Buttons 
    Anchor
    buttons
    buttons

    1. Create a set of user groups to represent all application user roles.
    2. To each user group, add access to the actions buttons that the group of users need to access:
      •  tasks
      •  other screens
    3. Only associate the privileges specifically for this role, not for this role and everything “underneath” it. 
    4. At least one user group must contain the AppUser role.
    5. Layer the user groups onto the users so that they end up with the access they need.