Applying access control through Roles
Access control defines who is able to view and modify the form in different stages. For example, only the form administrator can change the layout of the form, while user access is restricted to opening and submitting the form. Creating this access control is done with Roles.
- Open to the Access tab.
- Know the difference between Closed and Open role types.
- Add a user type to the list of defined Roles.
- Assign users to the various Roles.
- Assign users to Stages.
Applying access control through Roles
Access control defines who is able to view and modify the form in different stages. For example, only the form administrator can change the layout of the form, while user access is restricted to opening and submitting the form. Creating this access control is done with Roles.
About this task
- Administrator – Users, or groups, with administrator privileges for an application.
- Initiator – Any user, or group, who can submit a form or initiate an application. You can set some applications to be available to all users, and some to be available to specific users, or groups.
- Record Owner – The user who submits the form. After a user initiates and submits a form, they become the Record Owner.
The users who submit Expense Reports are Initiators, and for this scenario the users who review the Expense Reports are Human Resources. As the Initiator role is already created, you must create the Human Resources role.
Procedure
- Click the Access tab.
-
Click the Add Role icon for the
Record Owner role.
A new role is created.
- Rename the new role Human Resources.
- All Authenticated Users
- Any user who is authenticated with your organization. Users must sign in with a user ID and password to access the application.
- Anonymous Users
- Any user who you want to work anonymously with the application. Anyone who has the link to the application can submit it, without signing in.
- Invited Users
- Any anonymous user who receives a unique URL generated from within stages when an application changes from one stage to another. A user who is not normally given access to the form in that stage can use that URL to participate in the workflow in that instance.
- Instance Creator
- The user who submitted a form.
-
In the Assign Users menu, select Initiator.
The Initiator role automatically has All Authenticated Users added. Access for this role is complete.
-
Select Human Resources from the Assign
Users menu.
Now that access to submit and review a form is set, edit the properties of the individual roles. For example, you want Human Resources to review and approve the form, but the form must be read-only unless it is returned to the user.
Remember the order of the workflow for our form: When the user submits the form, it moves from the Start stage to the Awaiting Approval stage. If a form is rejected because of errors, it is sent to the Approval Request stage, so the submitter can correct the errors and submit the form again.
-
Go to Stage SettingsExpense Report, and select Start.
You see that the Initiator has permission to Create and submit the form.
-
Go to Stage SettingsExpense Report, and select Approval
Request.
-
Go to Stage SettingsExpense Report, and select Awaiting
Approval .
- Save the application.
- Click the Manage tab and deploy the application and enter sample data into the form.
-
After you submit sample data, return to the form and click View Data from
the Manage tab.
Accept or reject the sample data to test the workflow elements you built into the form.