After reading this article you will know:
- What permissions are
- How permissions work in your application
- How to set up permissions
Permissions determine what a user can and can't do in your application. They are split into 4 types: viewing, creating, editing and deleting records.
How permissions work
Permissions are given by adding roles to a user. By default a user can do everything in your app. A role determines what a user can't do. The user has to have at least 1 role to be able to use the app. Roles overlap each other, so if you have multiple roles the least amount of permission is used: a restriction set by any one of your roles applies, even if another role allows the action. Example: 2 roles, role 1 can create new records, role 2 can't create records. If I own both roles I won't be able to create records.
Roles can be found in every application. It is one of the default models. When creating a new application 2 roles are created as well. The first is the admin role, a role which can do everything. The second is a role with the name of your application. This role can be used for users that are not building in the application but are using it.
You can create new roles or edit the existing ones. The fields on a role that are editable are:
- The name of the role
- The users that have this role
- Can the user create filters on views
- Create filters for others: can the user create filters on views for others with this role
- Can the user impersonate other users in the application
- Can the user use the import function on views
Editing a role
In addition to the basic permissions, roles have settings for each model. A role sets view, create, edit and delete permissions on a model. More about this can be found here.
Views use roles to determine if a user can use the view. You can set the roles that may open the view in the view settings. This also works on subviews.
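The overlap rule from "How permissions work" combined with the per-model settings above, as an added example that is not the platform's own code. It models each role as a set of denied actions per model; the names `Role`, `effective_permissions`, `can`, `restricting_roles` and the sample roles and models are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ACTIONS = ("view", "create", "edit", "delete")


@dataclass
class Role:
    name: str
    # model name -> set of actions this role takes away on that model
    denied: dict = field(default_factory=dict)


def effective_permissions(roles, model):
    """Actions a user holding `roles` may perform on `model`."""
    if not roles:
        # A user needs at least 1 role to use the app at all.
        return frozenset()
    allowed = set(ACTIONS)  # default: a user can do everything
    for role in roles:
        # Every role can only remove permissions, so the result is the
        # least permission across all roles the user holds.
        allowed -= set(role.denied.get(model, ()))
    return frozenset(allowed)


def can(roles, action, model):
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    return action in effective_permissions(roles, model)


def restricting_roles(roles, action, model):
    """Names of the roles that block `action` on `model` (for access reviews)."""
    return [r.name for r in roles if action in r.denied.get(model, ())]


# Constructed sample roles and models, not taken from a real application.
admin = Role("Admin")  # can do everything
app_user = Role("MyApp", {"Invoice": {"delete"}})
auditor = Role("Auditor", {"Invoice": {"create", "edit", "delete"}})

if __name__ == "__main__":
    for held in ([admin], [admin, auditor], [app_user, auditor], []):
        names = [r.name for r in held] or ["<no role>"]
        print(names, sorted(effective_permissions(held, "Invoice")))
    print(restricting_roles([admin, auditor], "create", "Invoice"))
```

Under this rule, giving a user an extra role can only narrow what they may do, so an Admin who also holds a restricted role is restricted; `restricting_roles` shows which role is responsible.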
View settings in which the admin role is set to be needed to use this view
You can also add permissions to actions. Only users with the needed roles can execute the action.
An action which can only be executed by users with the role Admin
To add another layer to permissions you can add visibility conditions to almost anything that can be shown. You can use filters and expressions to determine visibility on:
- Buttons (Manual actions)
- Components in a form
- Fieldsets in a form
A component in a form which can only be seen if a customer exists on the current record