Skip to main content

Permissions in Grexx Platform

Note:

This article is about configuring permissions for your application users. For information about granting users permissions to develop your application in Grexx Studio, see Work with Grexx Studio.

Your application's permissions define what users can see and do in your application. You can use permissions to control which users can:

  • Perform activities, such as creating a new order, updating a user's details or closing an expense claim.
  • View each widget in a page or view. Widgets can contain text, images, details of cases - such as a supplier or product - and more.
  • View and click navigation items, such as the links on a menu bar.

If you are using the RESTful API, you can also grant permissions to read data from forms and datasets.

In line with information security best practices, users are not granted permission to view any data or perform any activities in your application by default. This ensures that users can only see the data that you have explicitly given them permission to view.

Rights and roles

Permissions in your application are managed using rights and roles.

Rights define what users in a particular role can see and do. By adding rights to an activity, you define the user roles that can perform that activity, and whether the activity is mandatory or optional. Similarly, you can add rights to widgets and navigation items to define the user roles that can view and interact with those items.

Roles are used to identify users. You can use platform roles to give users permissions that apply throughout the application. You can use casetype roles to give users permissions on individual cases, such as a particular order or customer. A single user can belong to multiple roles.

Configure permissions

To configure permissions for your application, you will need to:

  1. Create role names. You can use the same role name to create both platform-wide roles and direct or indirect roles on particular cases. You may have identified the role names you want to use - such as "Administrator", "Manager", or "Employee" - while designing your application.
  2. Create platform roles and/or add direct or indirect roles to casetypes. For more information, see Configure user roles.
  3. Grant those roles rights to perform activities and view widgets or navigation items as appropriate.
  4. Compile your application to deploy your changes to the Development environment and then add users to platform roles as required. (If you have configured casetype roles, users are added to the role for individual cases automatically as per the role settings.)
Tip:

As each of your DTAP environments is independent of the others, you will need to add users to each one separately. Although the same person may log in to both your Development and Testing environments, their user accounts are independent of each other and they may be added to different roles (and therefore have different rights) in each environment.

Next steps

To start configuring permissions so that users can view data and perform activities in your application, set up roles for different types of user. You can then grant these roles rights on different activities, widgets, and navigation items.