This article describes the best way to control access to apps for end users.
For end users of PhixFlow, it is best to control access to their apps by:
- Giving users the App User role. This means that they have no access to the lists of dashboards, views, streams or any other modelling components in the left-hand menu bar
- Giving them a "landing page", that is, setting a default dashboard for their user
- Making all navigation from that point happen only by pressing action buttons on dashboards.
This means that for each type of user you must consider all the dashboards that they need to be able to see, and the routes that allow them to get to these dashboards from their landing page by pressing action buttons.
With this in place, access to apps can be controlled as follows:
- Build up a series of user groups that represent roles – only associate the privileges specifically for this role, not for this role and everything “underneath” it
- Layer the user groups onto the users so that they end up with the access they need
- At least one user group must contain the role App User - for clarity, it is best if the App User is only in one of the user groups added for users (commonly via an "App User" user group)
- Leave access open to:
  - dashboards: Public ticked; All Users Can View Data ticked
  - streams: All Users Can View Data ticked
  - views: All Users Can View Data ticked
Restricting access to dashboards, streams and views can be useful in some cases, but it is not required when putting apps together with this method: end users cannot navigate to these components except via action buttons, and their access to those buttons is controlled. If you do restrict access to these components, you will need to add the matching privileges to the relevant user groups, and this can easily become complex and hard to manage.
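With dashboards, streams and views left open, the action-button routes are the only thing limiting what each type of user can reach, so it is worth checking them against the layered user groups. The following is an added example, not PhixFlow code or a PhixFlow API: a stand-alone Python model in which the group names, privilege strings, dashboards and users are all constructed assumptions.

```python
from collections import deque

# Constructed sample model (hypothetical names, not exported from PhixFlow).
# Each user group carries only the privileges specific to its own role.
GROUPS = {
    "App User": {"role:App User"},
    "Invoice Clerk": {"invoices.open", "invoices.edit"},
    "Invoice Approver": {"approvals.open"},
}
# Action buttons: (dashboard the button sits on, dashboard it opens, privilege needed).
ACTIONS = [
    ("Home", "Invoices", "invoices.open"),
    ("Invoices", "Invoice Editor", "invoices.edit"),
    ("Home", "Approvals", "approvals.open"),
    ("Approvals", "Audit Log", "approvals.open"),
]
USERS = {
    "clerk": {"groups": ["App User", "Invoice Clerk"], "landing": "Home",
              "intended": {"Home", "Invoices", "Invoice Editor"}},
    "approver": {"groups": ["App User", "Invoice Approver"], "landing": "Home",
                 "intended": {"Home", "Approvals"}},
}

def effective_privileges(user):
    """Union of the privileges of every user group layered onto the user."""
    return set().union(*(GROUPS[g] for g in user["groups"]))

def reachable(user):
    """Dashboards reachable from the landing page through permitted action buttons."""
    privs, seen, queue = effective_privileges(user), {user["landing"]}, deque([user["landing"]])
    while queue:
        here = queue.popleft()
        for source, target, needed in ACTIONS:
            if source == here and needed in privs and target not in seen:
                seen.add(target)
                queue.append(target)
    return seen

def review(name):
    """Compare what a user can reach with what their role is meant to see."""
    user = USERS[name]
    got = reachable(user)
    return {
        "app_user_groups": [g for g in user["groups"] if "role:App User" in GROUPS[g]],
        "unintended": sorted(got - user["intended"]),
        "missing": sorted(user["intended"] - got),
    }

if __name__ == "__main__":
    for name in USERS:
        print(name, review(name))
```

In this constructed data the approver reaches "Audit Log" through a button that reuses the approvals privilege, which is the kind of unintended route the review is meant to surface.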