Role-Based Security
Role-based security is Essembi is managed at the team level. Each team gets rights to access individual objects in Essembi - workspaces, views, forms, data models, tables, teams and users.
Security Items by Object
A security icon will show in the top right hand corner of objects that a user has "Edit All" or "Edit Specific" security access to. Selecting the icon opens the security settings for that object / record.
The security settings form will show the security options across the top and the teams to grant access for down the left. Administrators can utilize the check boxes to build out the security.
If a user only has the "Edit Specific" security setting, the security items that affect "all" of this type of object will be disabled.
Workspaces
- Workspace - Create: Controls the ability to create new workspaces.
- Workspace - Edit All: Controls the ability to edit workspaces and the views contained within the app.
- Workspace - View All: Controls the ability to see all the views within the app.
- Workspace - Edit Specific: Controls the ability to edit this particular workspace and all the views contained within the workspace.
- Workspace - View Specific: Controls the ability to only view this particular workspace and all the views within the workspace.
In order to view a workspace, a user's team needs to have either "View All", "View Specific" or "Manager" access at the workspace level or "View Specific" access at the view level.
This enables administrators to grant teams access to every view in a workspace or only specific views.
Views
- View - Edit Specific: Controls the ability to edit the specific view.
- View - View Specific: Controls the ability to see the specific view.
Teams must have "View All" or "View Specific" access at the data model level to access a specific view within a workspace.
Forms
- Form - Create: Controls the ability to create new forms.
- Form - Edit All: Controls the ability to edit all forms.
- Form - Edit Specific: Controls the ability to edit a specific form.
- Form - Enter Data: Allows for opening the form to create / edit records.
Data Models
- Data Model - Create: Controls the ability to create new data models.
- Data Model - Edit All: Controls the ability to edit all data models.
- Data Model - Edit Specific: Controls the ability to edit a specific data model.
- Data Model - View All: Controls the ability to access all data models via views or forms.
- Data Model - View Specific: Controls the ability to access views or forms for this data model.
Tables
- Table - Create: Controls the ability to create a new table in the system.
- Table - Edit Form Layout: Controls the ability to edit form layouts for this table. This control is also granted with "Enter Data for All" access.
- Table - Enter Form Data: Allows opening a data entry form for this table. This control is also granted with "Enter Data for All" access.
- Table - Edit All: Controls the ability to edit all table configurations.
- Table - Edit Specific: Controls the ability to edit a specific table configuration.
Teams
- Teams - Create: Controls the ability to create new teams.
- Teams - Edit All: Controls the ability to edit all teams.
- Teams - Edit Specific: Controls the ability to edit specific team.
Users
- Users - Create: Controls the ability to create new users.
- Users - Edit All: Controls the ability to edit all users.
- Users - Edit Specific: Controls the ability to edit specific user.
Security for Settings
General access to the settings menu in the system is controlled by the "Access Settings" flag at the team level.
Once a team has access to the general settings menu, each of the settings menu options is only shown if the team has access to create, edit all or edit specific for that specific type of record.
Security Reporting
The "View Access" button is available on the team form to show the security access set for each team and where it is inherited from for easy maintenance. The report shows the following:
- Object Type
- Object Name
- Access Type
- Team: Either shows this team or the parent team.
- Explicit Access: If true, means this team has been granted direct access. If false, means this security has been inherited by this team.
Security Inheritance by Parent Team
Security is inherited from parent teams to child teams for items that are not explicitly set at the child-team level.
Security for Filters
Security to enable individuals to save view filters for everyone versus just their individual user is established at the team level. Set the "Save Filters for Everyone" flag for teams that should be able to save filters for all users.
Security when Creating a New App
When a new app is created, the new app's "Administrators" group is given the following security access:
- User: Create, Edit All
- Team: Create, Edit All
- Data Model: Create, View All
- Form: Create, Edit All
- Workspace: Create, Edit All, View All
- Table: Create, Edit All, Manage All