This article describes the best way to control access to apps for end users.
When creating an app two user groups are created to help control access, see flow 2.5 the notes cover the logic. This will influence the wording on this page.
We also need to review controlling access to action buttons as we are now moving to ActionFlows. Comments in green below
Overview
For end users of a PhixFlow application, we recommend that access to PhixFlow itself is restricted. You can ensure that users can only access applications as follows.
- Create an App User role with the essential privileges (listed below).
- Assign application users to the App User role. They will have no access to the repository lists of dashboards, views, streams or any other modelling objects.
- Configure a default dashboard to act as a landing page when user logs into PhixFlow that is, setting a default dashboard for their User.
- Ensure that all the navigation that they require is available in the application's menu options or Action buttons on dashboards.
Creating the App User Role
PhixFlow has a set of pre-configured user roles. However, there is no pre-configured role for an application user.
Application users only need a limited set of privileges to ensure that they can log into the PhixFlow applications that they need to use. Therefore we recommend that you create a specific App User role on your instance of PhixFlow.
- In the Full Repository, right-click Role and select Create New.
- In the role properties, set Basic Settings → Name to
App User
. - In the Roles section toolbar, click Roles to open the list of roles.
- Drag in the following privileges:
- Run Stream Actions
- View Applications
- View Dashboards
- View Data
- View Layout Components
- View Styles
- View Filters
- View Menu Items
- View Menus
- View Streams
- View Stream Actions
- View Stream Views
- View Styles
- Click Apply and Close to save and close the new role.
- Add the App User role to the user groups that need access to the application. We need to confirm if this is now automatically added to the App Name user group that gets auto-created.
Planning User Access to Screens
Remember that when you design an application, you will have different types of user. For each type of user you must:
- Consider all the dashboards that they need to be able to see
- Determine the routes that that allow them to get to these dashboards from their landing page
- Add buttons to dashboards as needed to allow users to follow these routes
- Leave access open to:
- dashboards: Public ticked; All Users Can View Data ticked
- streams: All Users Can View Data ticked
- views: All Users Can View Data ticked
- Close access to actions: untick All Users Can Run Action
Restricting access to dashboards, streams and views can be useful when users can only navigate to the screens using action buttons. You can also control access to actions buttons (see below). If you limit access to dashboards, streams or stream views, to specific user groups, remember to add the required privileges to the user groups.
This can easily become complex and hard to manage.
Controlling Access Using Action Buttons can we have an example?
- Create a set of user groups to represent all application user roles.
- To each user group add access to the actions buttons that the group of users need to access
- tasks
- other dashboards
- Only associate the privileges specifically for this role, not for this role and everything “underneath” it. What does this mean?
- At least one user group must contain the App User role.
- Layer the user groups onto the users so that they end up with the access they need.