Introduction

There are two elements of security we will look at in this chapter:

1. Controlling who can access an application.

2. Controlling Privileges within an application.

From PhixFlow Version 9.0 onwards, 2 user groups are automatically created for each application:

• appname for people who need to use the application.
• appname_Admin for people who need to manage the application and user access to it.

where appname is the same as the application's name. 

We will cover the fundamental of security and access control in this chapter using existing configuration. For more information on this topic see:

1. Controlling User Access to Applications.
   1. This page covers this topic in more detail and explains how to setup new groups and role.
2. Managing User Groups and Privileges.
   1. This page goes into detail about setting up user groups, roles and privileges.

Access Control

Accessing to an Application

1. Open the Properties of your application

2. Click on the 

   Insert excerpt
   _security _security nopanel true

1. tab
   1. All Users Can View Application, ticking this makes the application available to all. If you want to use this option consider applying it once the application is complete.
   2. User Groups, lists the groups that have access to our application.
      1. Select a group and the delete icon appears allowing you to remove the group.
      2. Click on the group icon to see a list of available groups, these can be dragged into the list.
   3. For our example we will leave the options as they are.

Testing

1. First we need to create a new test user as follows.
2. In the Full Repository, right-click Users.

3. Click 

   Insert excerpt
   _addIcon _addIcon nopanel true

    and set:

   1. the username and password.

   2. Enabled, tick.

   3. Add the User Group, Users to the user.

   4. Log out of PhixFlow.

4. Log into PhixFlow as the test user. You should not be able to see your application, click on the 9 dots to confirm this.

5. Now, log back in as yourself
6. Update the test user's associated User Groups, adding the group associated to your application. This should be the My Application group as illustrated:
   1. Image Added
7. Log in as the test user and your application is now available.

Controlling Privileges in an Application

Within an application there can be varying levels of permissions. Here we will look at adding permissions to a specific button but they can be added to other content to restrict access and interactions.

1. Open the Home screen so it is ready to edit.
2. Click on the Orders button so the properties open. We can restrict who has permissions to see this and use this button with a few clicks.
3. Click on the 

   Insert excerpt
   _security _security nopanel true

   tab.
4. By default All Users can View Data is ticked. This allows users permission to see and click this button.
   1.  Note it is possible to create user accounts that only have read only permissions and therefore cannot click on any button.For more information on this see the links in the introduction section above.
5. Untick All Users can View Data.
6. As before User Groups lists the groups that have access to this button.
   1. Click on the group icon to see a list of available groups, drag the appname_Admin group into the list i.e. My Application_Admin.
      1. Select a group and the delete icon appears allowing you to remove the group.
7. Save your changes.

Testing

1. Login as the test user created earlier.
2. When the Home screen loads the Orders option will not appear:
   1. Image Added
3. This option will only be available to users in the My Application_Admin user group.