After reading this article you will know:
- What permissions are
- How permissions work in your application
- How to set up permissions
Permissions determine what a user can and can't do in your application. They are split into 5 different types: Read, Export, Create, Update and Destroy.
How permissions work
Permissions are given by adding roles to a user. By default, a user can do everything in your app. The user has to have at least 1 role to be able to use the app. Roles overlap each other: if a user has multiple roles, the permission that comes out on top takes precedence.
Roles can be found in every application. It is one of the default models. When creating a new application, 2 roles are created as well. The first is the admin role, a role which can do everything. The second is a role with the name of your application. This role can be used for users that are not building in the application but are using it.
You can create new roles or edit the existing ones. The fields on a role that are editable are:
- Name: The name of the role.
- Users: The users that have this role.
- Create filters: Whether the user can create filters on views.
- Create filters for others: Whether the user can create filters on views for others with this role.
- Impersonate: Whether the user can impersonate other users in the application.
- Can import: Whether the user can use the import function on views.
Next to the basic permissions, roles have settings for each model. A role sets read, create, update, destroy, and export permissions on a model. More about this can be found here: What are model permissions?
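The role overlap described above can be reviewed offline with a short script. The following is an added example, not code from the platform: the `Role` structure, the sample roles and users, and the rule that a grant in any role wins (one reading of "comes out on top") are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

PERMISSION_TYPES = ("read", "export", "create", "update", "destroy")  # from the article
ROLE_FLAGS = ("create_filters", "create_filters_for_others", "impersonate", "can_import")

@dataclass
class Role:
    name: str
    flags: set = field(default_factory=set)     # role-level settings that are switched on
    models: dict = field(default_factory=dict)  # model name -> set of PERMISSION_TYPES

def effective_access(roles):
    """Merge a user's roles. Assumption: a grant in any role wins (union)."""
    flags, models = set(), {}
    for role in roles:
        flags |= role.flags
        for model, perms in role.models.items():
            models.setdefault(model, set()).update(perms)
    return flags, models

def review_user(username, roles, sensitive_models):
    """Return least-privilege review findings for one user."""
    if not roles:
        return [f"{username}: no role assigned, cannot use the app"]
    if any(r.name == "Admin" for r in roles):
        return [f"{username}: holds the Admin role, which can do everything"]
    flags, models = effective_access(roles)
    findings = []
    if "impersonate" in flags:
        findings.append(f"{username}: can impersonate other users without the Admin role")
    for model in sorted(sensitive_models):
        for perm in ("export", "destroy"):
            if perm in models.get(model, set()):
                # Name the roles that grant it, so the reviewer knows where to trim.
                via = sorted(r.name for r in roles if perm in r.models.get(model, set()))
                findings.append(f"{username}: {perm} on {model} via {', '.join(via)}")
    return findings

# Constructed sample roles and users; not an export format of the platform.
ADMIN = Role("Admin", set(ROLE_FLAGS), {"Customer": set(PERMISSION_TYPES)})
APP = Role("my-app", {"create_filters"}, {"Customer": {"read", "update"}})
REPORTING = Role("reporting", {"can_import", "impersonate"}, {"Customer": {"read", "export"}})
USERS = {"alice": [ADMIN], "bob": [APP, REPORTING], "carol": []}

def run_review():
    return {user: review_user(user, roles, {"Customer"}) for user, roles in USERS.items()}

if __name__ == "__main__":
    for findings in run_review().values():
        print("\n".join(findings))
```

In the sample, bob's two roles each look modest on their own, but together they give update and export on the same model plus impersonation, which is the kind of combination a role review should surface.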
Roles in the Back Office
Views use roles to determine if a user can use the view. You can set the roles that may open the view in the View Settings. This also works on subviews.
You can also add permissions to actions. Only users with the required roles can execute the action. In the image below, you can see an action which can only be executed by users with the role Admin.
To add another layer to permissions, you can add visibility conditions to almost anything that can be shown. You can use filters and expressions to determine visibility on:
- Buttons (Manual actions)
- Components in a form
- Fieldsets in a form