Roles

Application roles allow you to control access to your application, ensuring sensitive data and functionality are available only to authorized users. Roles can be assigned to individual users or groups based on their specific responsibilities. Each role includes a unique set of permissions that you can define to manage access and enforce security effectively.

For each role in the application, you can define the default permissions for four operation types: create, read, update, and delete (CRUD). Additionally, if your app’s access restrictions are more specific, you can create custom permissions for any table in the application, selecting the access levels for all CRUD operations.

When opening Roles for the first time, you can see the predefined public access roles that specify access to publicly available AppPages. The public access role has assigned Default permissions which allow for configuring Create, Read, Update, and Delete access to either no or all records. If you need to apply different access permissions to tables in your app, add custom permissions.  

Note: Default permissions affect all tables in your app – current and future ones.

You can create your own roles to effectively manage user access to data in your app. Each created role is connected to a directory. During role creation, it is required to select a directory that will define from which directory users will be assigned to a role. It is possible to assign multiple roles to the same directory. 

All roles are reflected in segments, meaning that each time you create a role, a respective segment appears automatically in Flex. All your app users need to have a role assigned to a particular segment, to get access to AppPages in this segment. Learn more.

Each time you create a role, default permissions are assigned to it.  

If default permissions do not answer your needs and you need to adjust the visibility of exposed data in a more complex way, you can add Custom permissions. Custom permission can be set on a given table and they offer robust filters to limit the visibility of table records. You can apply: 

• Permissions to create new records, 
• Read, Update and Delete permissions: none, all records, user’s own records, or custom. Learn more.

Once you create a role, you need to assign users or users group to them. Only users from a directory selected during role creation can be applied to a role. 

Note: A single user can have multiple roles. In case a user has many roles assigned to data exposed with an AppPage, the access permissions will be the sum of all permissions from each role. 

If you want to grant the same access permissions to multiple users, you can create a group in a directory and assign it to a role. Using groups is also effective for managing multiple users with the same or similar permission sets for different applications.  

Note: It is possible to replace a directory, but it will cause the removal of all added users.