Managing User Groups and Privileges
This page is for PhixFlow administrators who want to manage user groups. For related information, see the PhixFlow User Administration topic.
PhixFlow Default User Groups
PhixFlow has 6 user groups enabled by default. Each user group has its own role, which defines the privileges for the group. We recommend that you do not change the default roles, although users who belong to the Administrator group have permissions to update them if required.
We recommend that you create an App-User and App-Admin user group and associated role for PhixFlow. In the role you can configure the privileges related to using and managing applications
From version 9.0 onward, when a new application is created, PhixFlow automatically creates 2 user groups that belong to the application. The application creator is added to the user groups. Use these groups to configure the roles and privileges required to use and manage the completed application. If you have configured the App-User and App-Admin user groups and roles at the system level, you can simply refer to them in the application user groups. Otherwise, you have to set the privileges separately for each application; see Controlling User Access to Applications.
The user groups are :
| User Group | Associated Role | Description |
|---|---|---|
| Default User Groups (maintained by PhixFlow) | ||
| Administrators | Administrator | Members can add new users and modify other user's accounts. Only members of this group can create, delete or update another users' credentials. |
| Designers | Modeller | Members can create models and applications. They can also update general configuration options. |
| Guests | Guest | Members can view configurations, but have few other privileges. |
| Startup | startup | A user group for the initial setup of a new PhixFlow installation. When first installed, PhixFlow creates a startup user in this group, with privileges to administer other users. Once you have added users to the Administrator group, remember to delete this user. |
| Users | User | Members can view application screens, data and the repository. |
| SuperUsers | Superuser | Members have more privileges than users. Use this group for application designers or model managers. Superuser's have full access to PhixFlow data and can create filters and views on it. |
Recommended Roles Configured:
| ||
| - | AppUser | Requires configuration with the privileges required for application users to access and run applications. |
| - | AppAdmin | Requires configuration with the privileges required for application managers to maintain an application. |
| Application User Groups; see Controlling User Access to Applications | ||
| appname* | AppUser | The administrator or application designer must add users, roles and privileges to enable members to use the application. |
appname_Admin | AppAdmin | The administrator or application designer must add users, roles and privileges to enable members to manage the application. For example, you may want to provide an application administrator with permission to approve certain actions, to run data management tasks or to add users to the application. |
*appname is the application's name.
Adding or Changing a User Group
To configure PhixFlow to have a different set of permissions, create:
- a new user group and define the PhixFlow components that users can access.
- a new role that specifies the privileges.
To see the list of existing user groups, in the Full Repository, scroll down to 
User Groups and expand the section. If you are managing users for an application, find and expand the application name, and scroll to the user groups listed for the application.
To change a user group, double-click on the name and edit the properties.
To add a new user group, right click User Groups and select 
Create New; see User Group.
There are two ways you can add a user to a user group.
- In the user group properties → Users section, open a list of users and drag one or more into the list.
- In the user properties → User Group section, open a list of user groups and drag one or more into the list.
Roles and Privileges
The privileges that members of a user group have is controlled by their role. To find out what privileges a user group has, in the user group properties → Role section, double-click on a role. PhixFlow opens the role properties where the Privileges section lists all the privileges. For example, the Modeller privilege includes List Database Exporters, Modify Database Exporters and View Database Exporters.
User groups can have multiple roles. For example you may want a group of users who can both create models and add filters to views on the models. In this case you could add the two roles Designers and SuperUsers.
We recommend that you do not change the default roles, although users who belong to the Administrator group have permissions to update them if required.
Restricting Access to Modelling Objects
By default, PhixFlow is set up to allow all users with the relevant privileges to access all items, such as tables, views, screens, filters etc.
For items that belong to an application or package, the user also requires the privilege to access that application or package; see Controlling User Access to Applications.
You may need to restrict access to only some items, for example to provide access to specific screens related to a project. To do this:
- In the item's properties → Access Permissions section, untick the All Users can View Data check box.
- Either, in the item's properties → User Group section, drag in the user group.
or, in the user group properties, expand the section related to the type of object and drag it into the user group.
Now only users of the specified group can use the item.
Access Permissions
You can limit which users can add or remove members from a user group. Tick the Access Permissions → Restrict who can manage members of this user group check box. PhixFlow adds a grid where you can drag in other user groups. See User Group > Access Permissions for details.
Learn More