TABLE OF CONTENTS
Here is the current rule of thumb when it comes to restricting visibility/access to content across the platform:
- Access Permissions control the user's visible areas and abilities on the website.
- User Groups and Folders control what specific Screens and other content the user sees on the website and app.
- Formula filters can control what the user sees within a specific Screen on the app.
Restricting Control Levels and Access to Areas of the Website
If you want to give users limited access to parts of the secure website, you can do this via the Access Permissions section found on the Edit User page. Simply head to Menu -> Users -> roll over a user in the listing and hit "edit user." Then choose the access level and specific areas to which the user will be permitted.
Access levels control what the user can do:
- Read Only access level provides viewing only power to the user
- Read/Write allows the user to modify content and allows them to access most functionality
- Administrator users have full control over all aspects of the system.
They are also the only user level that have access to administrative areas of the website menu such as Organization Setup, Users etc.
Access areas control the website areas/features that the user is permitted to see. Simply unselect the areas you want to keep the user from accessing. E.g., unselect the App Builder area to remove that option from their navigation menus when they log into the website.
Restricting Access to Screens and Docs
Restrict Access by Folder
If you want to show different sets of Screens to different sets of users (e.g., let managers see additional Screens), then you should create Folders and assign the relevant Screens and Docs to these. Generally, these Folders should be modeled on the specific role or other app user groupings you wish to control, and you need to make sure the relevant users have been given access to the respective Folders.
You can turn on access restrictions on a per folder basis, granting access to the Folder by user group and/or on a per user basis. Note, however, that whenever restricted access is enabled for a folder, all screens must be placed inside a folder to be visible to the app user. Any screens not within a folder will be hidden from view when restricted access is enabled for one or more folders.
Manage Access Easier with User Groups
User groups make it easier to manage large numbers of users by creating groups to represent the various units/departments in your company account. This approach ensures that you don't experience issues like different departments seeing and/or modifying content that belongs to other departments.
- Create new user groups via the Menu -> User Groups page.
- Once you have created Groups, assign users to the relevant Groups via the Group Memberships section of the user details page:
- You can then assign these Groups to specific Folders via the Folder Settings popup, which is accessible via the little "cog" icon found next to each Folder name in the Screens, Docs and Data Sources listing pages.
TIP: Setting up group permissions for a form will also restrict visibility of data entries associated with that form. If a user is a Read-Only or Read/Write user on the online platform, the user will be unable to see any data entries associated with a form restricted to a group in which the user is not a member. Admins or higher, however, can still see any form entries regardless of group membership.
Restrict to Group
Individual screens can be hidden from all but one group of users via the "Restrict To Group" property on the screen Settings page. Simply choose a group in the drop-down to restrict the form to members of the chosen group. Users with web site access who who do not belong to this group will not be able to see the screen on the dashboard.
Restricting Screen Access/Visibility on the App
If you employ Folders as mentioned above, then your users will only see what you grant them access to. Another option is to create your own custom app start screen. You can do this by using the "Start Screen" option found on the App Builder -> App Setup page. If you create a custom Icon Board screen for example, you can then apply visibility formulae to dynamically show/hide the respective icons of that Screen.
Filter Data Rows Prior to Being Sent to the App
If you need to restrict data rows seen by the user based on complex business rules, then you should consider the following options.
Run a Hosted GET Web Service
One way to do this is to host the rows of the Data Source on your own server and use our Hosted GET connector option on the Data Source in question. This means that your Hosted GET web service will have the ability to apply user-specific filtering on the data when the app requests the rows. Hosted GET gives you maximum flexibility to apply whatever business rules you need, but it does require software developer skills to create the web service.
Use Our Sync Product
This is our "integration in a box" standalone product, which you install locally on your server. Sync automatically creates a database and auto-populates this database with Form entry data as needed. The product also automatically exposes Hosted GET services based on database tables that you nominate. So, this means that you can enjoy the benefits of Hosted GET without needing a programmer - simply install and configure Sync to handle the integration for you. Talk to our customer success team for more information and a free trial of Sync.
Filter Data Rows Dynamically On the App
Another way to control visibility of data and Screens is by using our powerful formula engine functionality, which is available wherever you see the little "hammer" icon in Screen designers. You can leverage our formula functionality to filter and show/hide items in the following ways:
Apply "In-Screen" Filtering
Depending on the Screen in question, you can also apply app-side dynamic filters to Data Source rows by using our formula engine. For example, on a Form screen, you can specify a filter formula on Choices and Data Source type fields. Similarly, filters can be specified as parameters when opening Listing and Mapping screen types.
User Metadata is a set of keys/values that you can define on each user (via the Menu -> Users -> Edit User page or through the User API). You can set up user-specific data as needed and then refer to these in a filtering formula via the USERMETA() formula function. For example, you could add the employee's group/role code as metadata, and then filter rows where the role/group column equals the user's metadata value.
Apply Cross-Screen Context with Global Values
Global Values are device specific key/values that you can assign/set through a Form Screen, using the "Bind to Global Value" property available on most field types. This allows you to get and set a value, accessing it by a key name of your choosing. You can also refer to global values in any filter formula via the GLOBALVAL() function. Global Values are a great way to have the user set a "context" for their app session, with that context selection then being available to any Screen's formula areas.
Consider this example:
- Have the user select their current job/project context (which is bound to a Global Value) via a simple Form. The Form should be configured to NOT upload on completion, thus saving many meaningless Form entry submissions. You can configure this "no upload" behavior via the "Do Not Upload Data" option found on the Settings page of every Form Screen.
- Design your other app screens to apply filtering and visibility formulae by referring to the saved user context via the GLOBALVAL() function. This way the context the user chooses will "follow" them through the other app screens they see and use.