Roles
Feb 16, 2023 • 3 minutes to readApplication roles provide a way to control access to your application and restrict access to sensitive data and functionality within the application. Roles can be assigned to individual users or groups of users based on their roles and responsibilities. Each application role has its own set of permissions that users can define:
- Different levels of access permissions based on user roles. Users can be granted permission to add, view, modify, and delete records, with some users restricted to only viewing information, while others can add records but not modify existing ones. Certain roles may have full access to view, add, edit, or delete records.
- Record access permissions. Users can also be granted access to modify or delete specific records based on specific criteria.
- Action permissions. To ensure that users can only perform authorized operations, the application dynamically hides operations that are not available to users within their assigned role, based on their access permissions.
When opening Roles for the first time, you can see the predefined public access roles that specify access to publicly available AppPages. The public access role has assigned Default permissions which allow for configuring Create, Read, Update, and Delete access to either no or all records. If you need to apply different access permissions to each table in your app, add custom permissions.
Note: Default permissions affect all tables in your app – current and future ones.
You can create your own roles to effectively manage user access to data in your app. Each created role is connected to a directory. During role creation, it is required to select a directory that will define from which directory users will be assigned to a role. It is possible to assign multiple roles to the same directory.
All roles are reflected in segments, meaning that each time you create a role, a respective segment appears automatically in Flex. All your app users need to have a role assigned to a particular segment, to get access to AppPages in this segment. Learn more.
Each time you create a role, default permissions are assigned to it.
If default permissions do not answer your needs and you need to adjust the visibility of exposed data in a more complex way, you can add Custom permissions. Custom permission can be set on a given table and they offer robust filters to limit the visibility of table records. You can apply:
- Permissions to create new records,
- Read, Update and Delete permissions to none, all, user-owned, or RLS records. Learn more.
Once you create a role, you need to assign users or users group to them. Only users from a directory selected during role creation can be applied to a role.
Note: A single user can have multiple roles. In case a user has many roles assigned to data exposed with an AppPage, the access permissions will be the sum of all permissions from each role.
If you want to grant the same access permissions to multiple users, you can create a group in a directory and assign it to a role. Using groups is also effective for managing multiple users with the same or similar permission sets for different applications.
Note: It is possible to replace a directory, but it will cause the removal of all added users.