search string side menu

Access permissions in BRIX > Access to app data / Restrict access to specific app items

Restrict access to specific app items

This is the most specific access restriction option that allows you to assign permission rules for certain app items to different users.

Use this option to configure permissions individually for each app item. Let’s say each sales rep in the sales department has access only to the contracts they work with. Data from contracts is considered confidential and cannot be shown to any other employees. Then you can grant the permission to view and edit a contract to its Author and employees specified on the contract page as the Superior and the Approver.

With this access restriction option, you can also grant additional permissions for specific app items to let users complete one-time tasks. You can do so:

  • On app item pages.
  • In business process settings.

начало внимание

Only users included in the Administrators group can grant and restrict permissions to individual items in app access settings.

конец внимание

Please note:

  1. You can select a different access restriction option:
  1. Employees who regularly work with an app should be granted access to the workspace it belongs to and the app itself. Then they will be able to see all the data that they have access to by opening the app via the left menu.
  2. If some employees need one-time access to specific app items, for example, in business process tasks, they don’t need access to the workspace and app. They can open the app item page using a direct link, for example, from tasks.

If you want to restrict access to specific items, first set up general access permissions applied to all app items by default:

  1. Click the gear icon to the right of the app name and select Access Settings.
  2. Enable the following options: Restrict access to data > Restrict access to app items.
  3. Select who you want to assign permissions to. To do that, click the +Add button. This can be:
    • A user, a group, or an org chart item.
    • Author. The user who created the app item.
    • App property. Select a property of the Users or Role type. The permissions will be granted to employees specified in the selected field on the app item page. Let’s say there is a Users type property named Approvers in the Contracts app. When a new contract is created, the author specifies users who are going to approve it. In a Role type field, you can select users, groups, or org chart items. The search and sort option is enabled for the selected app property. You cannot disable the option.
  4. Specify which types of permissions will be available to the selected objects.
    For the Author and App Property options, you cannot grant full access, as well as export and import permissions. These types of permissions are set at the app level, whereas the author and user in the property are defined after each item is created. Therefore, permissions for such employees are checked and granted individually for a specific item. Read more about applying different types of permissions to different system objects in BRIX TS SDK.
  5. Configure the options:
  • Enable permissions inheritance based on org chart subordination. By default, managers are granted the same access rights to the app as their subordinates. To restrict access, disable the option.
  • If access is denied, hide the list of users who can grant access rights. By default, an employee without access rights will see a list of users with the privilege of granting rights when trying to open the page of an app item. To hide the list, enable the option.
  1. Click Save.

Please note that general settings are automatically applied to all items created in the app. They cannot be revoked.

Setting permissions with a Users type property

The Contracts app includes the context variable Responsible of the Users type. Let’s configure the settings so that the CCO and the CFO can see all contracts and other employees see only contracts they are responsible for. To do that:

  1. Open the Contracts app access settings.
  2. Enable the following options: Restrict access to data > Restrict access to app items.
  3. Delete the Author role from the table.
  4. Click the +Add button.
  5. Select Org chart item and add the CCO and CFO. They need to have full access to app items.
  6. Click the +Add button again.
  7. Select the App property option.
  8. In the drop-down list on the right, select Responsible.

element-right-1

  1. Tick the following permissions for the Responsible: view/read and edit.
  2. Save the settings.

Now the author won’t be able to view or edit a Contracts app item. Only the CCO and the CFO have full access to all items. They can open a contract and select a user in the Responsible field. Only this user will be able to view and edit the contract page.

You can find another example of configuring access to specific app items in the Combinations of access permissions article.

Additional permissions for specific app items

If a user does not work with app items regularly, they may not be assigned access to the data in the app settings, as long as the restriction to the app item is applied.

In this case, additional rights can be granted for one-time tasks with certain items:

  • On an app item page. Apart from the administrator, this can be done by users with the Assign Permissions access option.
  • In the business process settings.

начало внимание

Additional permissions can only be granted if you select the Restrict access to app items option in the app access settings.

конец внимание

Grant additional permissions on the app item page

It is possible to grant permissions to a certain app item on its page. This can be done by users with the Assign Permissions access option. Please note that this is only available if you have restricted access to specific app items.

Let’s say in the Job Openings app, only the HR department manager works with management positions. If this user is allowed to Assign Permissions, they can give another employee access to work with a certain job opening.

To grant or restrict access to a specific item:

  1. Go to the app and click the app item or open it using a direct link.
  2. Click the lock icon in the upper right corner.  

element-right-2

In the window the opens, there are two sections:

  • Common permissions for app items. In this section, you will see access settings applied to all items of the app. Settings specified here cannot be revoked.
  • Specific permissions. Here you can grant access to the app item to someone who is not added to the first section.
  1. Specify who you want to set additional permissions for. To do that, click the +Add button. You can choose a user, a group, or an org chart item.

element-right-3

  1. Tick the types of access permissions you want to grant and click Save.

Grant additional permissions in a business process

When users work with app items in business process tasks, access settings that are first checked are:

To let a user work with certain app items for one-time tasks, the administrator can grant additional permissions in a business process:

Please note, that you can only assign additional permissions in a business process if the Restrict access to app items option is selected in the app access settings.

Let’s say access is set up for specific app items in the Contracts app. Users can only view contracts that they created. An employee is assigned the task to review a contract created by another user. In this case, granting the necessary permissions in the swimlane allows the employee to view the contract.

Permissions granted in the business process settings are displayed in an app item permissions settings, in the Specific permissions section.

element-right-4

You can find an example of granting temporary permissions using the App Item Permissions activity in the Combinations of access permissions article.

folder-rights.html rights-combinations.html