In this chapter we will introduce some control around who can access our app, and within the app, who can use certain administrative functions. We will also remove a button that is standard on views, to prevent unauthorised downloading of data.
Controlling access to apps
Add control to your app. To recap the steps in the video:
Restrict access to app
- Open the configuration form for the app Contacts
- Open the section Access Permissions
- Untick All Users Can View Application
- Save your changes
To test this:
- Create a user (remember you need to go into the Full Repository browser to do this)
- Add the user group App User to the user
- Log out, and log back in as this user
- You should now be only able to see the standard app PhixFlow, i.e. not the Contacts app
Add access to app
- Log back in as your modelling user (train)
- Open the repository browser under the application Contacts
- Add a User Group
- Call the user group Contact User and apply your changes
- Open the section Applications, and bring up the list of applications
- Drag in the application Contacts
- Still in the user group configuration form, add your test user
Log back in as your test user, and check that now you can access the Contacts app.
Create admin level access
- Log back in as your modelling user (train)
- Go into the configuration for the button Import Contacts, follow the quick link to the custom action that backs this
- In the action configuration form, open the section Access Permissions
- Untick All Users Can Run Action
- Similarly, remove general access from the custom action that backs the button Create Invoice
- Go to the menu item Contact Types in the Contacts dashboard
- Right click, and select Show the Menu Item Configuration
- Follow the quick link to the action that backs the menu item
- Remove general access to this action
- Similarly, remove general access from the menu item Contact Types under the Contact Management menu at the top of PhixFlow
- Open the repository browser under the application Contacts
- Add a User Group
- Call the user group Contact Admin and apply
- Open the section Stream Actions
- Bring up the list of actions
- In the repository browser for actions, you will find all the actions you need under the stream Contacts
- Drag actions for all four administration functions into the user group
- Create a test admin user
- Add this user to the user groups:
  - App User
  - Contact User
  - Contact Admin
Now try logging in with both the test contact user, and the test contact admin. Ensure that the contact user cannot see the administration functions, but the admin user can.
Controlling access to data functions
Remove the file download button from the grid view in the Contacts app:
- From the grid view, go into the dashboard element details
- Open the section Header Options
- Untick Display Export Button
- Save your changes
- The file download button should no longer be shown in the header of the grid view