App Level Security Overview

This topic gives a summary of the security settings for AgilePoint NX apps.

Portal Settings for App

These are the AgilePoint NX Portal settings for an app.

Video: App Permissions

Video: Set Application Permissions

Good to Know

How to Start

  1. Click Settings.

    Settings
  2. Click Tenant Settings.

    Tanent Settings

Settings

Settings Definition More Information

Enable App-Level Permissions

The user who creates a form-based app or process-based app becomes an App Owners by default. Other users can not see the app in the App Builder. The app owner must add app owners or designers on the Permission Groups for This App screen.

Lets you set access rights specific to an app as an alternative to applying access controls to all apps in your AgilePoint NX environment.

When you enable this feature, it only applies to new apps, not the apps that already exist. To apply application level permissions to your existing apps, you can change the settings for those apps as necessary..

Roles for All Apps

Specifies the roles for all apps in App Builder.

How to Start

  1. Click Manage.

    Click Manage
  2. In the Manage Center, click Access Control > Users.

    Click Users
  3. On the Users screen, click Expand a user.

    Click Expand User
  4. On the user detail screen, click Edit User.

    Click Edit User icon
  5. Click the Access Rights tab.

    Access Rights tab

Settings

Permission Group Definition Manage

Administrator

(role)

Administrators is the common system administrator role for the AgilePoint NX Portal. Any registered AgilePoint NX user can be assigned the Administrators role. There is no limit to the number of users who can be assigned the Administrators role. The Administrators role is subordinate to the Tenant Administrator.

App Builder permissions are different from Page Builder and Data Entities because in App Builder, Administrators and App Designers are based on roles. In Page Builder and Data Entities, these access rights are based on permission groups.

Note: The Administrators role is different from the AgilePoint NX System Administrator. The AgilePoint NX System Administrator is one person, independent of any accounts or permissions. Administrators is a security role that can be assigned to any NX Portal user.
Permissions:

This role has these permissions for all apps:

  • Manage permissions for App Builder.
  • Assign the App Designers role to users or groups in Manage Center.
  • Full acceess rights for all apps in App Builder.
  • Turn on App-Level Permissions in the Portal Settings

App Designer

(Role)

App Designer is a role for users or groups who have access rights to create, change, or delete any app in App Builder.

Unlike Entity Designers or Page Designers configured in Manage Center, App Designer is a role, similar to the Administrator or User role. Both the App Designer role, which applies to all apps, and the App Designerspermission group, which applies to specific apps, can be configured in Manage Center.

Permissions:

This role has permissions for all apps in App Builder. These permissions are overridden if permission groups are configured for a specific app:

  • Create app
  • Delete app
  • These permissions from App Designers permission group:
    • View app
    • Change app
    • Save app
    • Check in or check out the app
    • Publish app
    • Rename app
    • Import app
    • Export app
    • Add, change, and delete application resources
  • These permissions from App Initiators:
    • Start an app instance
  • These permissions from Report Viewers:
    • View applicattion data

Permission Groups for Specific Apps

Specifies to create the permission group for an app. These permission groups only have permissions for the specified app.

Prerequisites

  • On the Tenant Settings screen, set Enable Application-Level Permissions to Yes.

How to Start

  1. Click App Builder.

    Build Apps screen
  2. On the Application Explorer, select your process-based app.
  3. Click Permissions Permissions icon.

    Permissions

Settings

Permission Group Definition Manage

App Owners

App Owners configured in Manage Center or App Builder is a permission group for users or groups who have full access rights for a specific app in App Builder.

Permissions:

This permission group has these permissions for a specific app:

  • Manage permission groups
  • Delete app
  • Check in or check out the app on behalf of other users
  • Roll back the app version
  • These permissions from App Designers permission group:
    • View app
    • Change app
    • Save app
    • Check in or check out the app
    • Publish app
    • Rename app
    • Import app
    • Export app
    • Add, change, and delete application resources
  • These permissions from App Initiators:
    • Start an app instance
  • These permissions from Report Viewers:
    • View applicattion data

App Designers

(Permission Group)

App Designers is a permission group for users or groups who have access rights to create, change, or delete a specific app in App Builder.

The App Designers permission group can be managed in Manage Center or App Builder. This is different from the Entity Designers permission group for specific entities, which can only be managed in Data Entities, or the Page Designers permission group for specific custom pages, which can only be managed in Page Builder.

Permissions:

This permission group has these permissions for a specific app:

  • View app
  • Change app
  • Save app
  • Check in or check out the app
  • Publish app
  • Rename app
  • Import app
  • Export app
  • Add, change, and delete application resources
  • These permissions from App Initiators:
    • Start an app instance
  • These permissions from Report Viewers:
    • View applicattion data

App Initiators

App Initiators is a permission group for users or groups who have access rights to start a process-based app or form-based app.

Permissions:
This permission group has these permissions for a specific app:
  • Start an app instance
  • These permissions from Report Viewers:
    • View applicattion data
Limitations:
Users and groups can only be assigned to the App Initiators permission group after an app is published.

Report Viewers

Report Viewers is a permission group for users or groups who have access rights to view the application data in an eForm report view for a specified app.

Permissions:
This permission group has these permissions for a specific app:
  • View applicattion data
Limitations:
Users and groups can only be assigned to the Report Viewers permission group for an app after the app is published.