How to configure application-permissions

Intrexx provides multi-level permissions to manage which users have access to certain applications, pages, datagroups, files, search-configurations or web-sockets. In this post I want to show you what this means and give you hints on how to use the permissions-module.

In Intrexx you can grant permissions to every unit in your user-module. This may be single users, groups or any other type of element you find in the user-module. I really don’t recommend to grant permissions to single users. That’s why I’ll skip that part and focus on groups.

Levels of permission

You have to set the permissions for every single application in your portal. Application permissions in Intrexx work on several levels.

Let’s start with the first level: Granting access to the application in general. In this part, you can define if the user is able to access the application in the browser, or if he is even allowed to modify the application with the portal-manager.

The second level is to grant access to certain pages. Here you can define if a user can access the page or not.

The third level is to grant access to datagroups. This level offers a few more options as the ones before.

  • full-access
  • read
  • read(own)
  • create
  • change
  • change(own)
  • delete
  • delete(own)

As you can see, Intrexx has the possibility to tell who the owner of a single record is.

There are two additional level which aren’t really important for now.

Effects of permission

So how will you know you don’t have access to something?

It’s pretty simple actually:

  1. Not permission to access a page? Intrexx hides any links that target this page.
  2. Are permissions to Create, Change or Delete a record missing? Intrexx will hide the corresponding button, as well.
  3. Records won’t show up, if you don’t have the permission to read them.

Create Groups

For setting up permissions to an application, you first have to define how many different groups are using the application. Usually, I assign at least two groups to each application. Admins and Users. Intrexx already comes with these two groups. But I recommend you define and create your own groups that are specific to this application. You can export them as part of the application package, in order to transfer the application to another portal.

You can create new groups in the users-module by navigating to the container you want the group created in and right-clicking into the view-area that shows the content of this container and select New > New group.

In this example I created the groups BasicAdministrators and BasicUsers.

New groups in the Users module.

Use the new Groups

After creating the groups, head back to the application and open the item Application > Access permissions . Now start adding the new groups to application, pages and datagroups.

Usually admins have full-access to everything. Depending on the application, other users may only be able to see an overview-page, listing all entries the user is supposed to see. In this example I add the BasicUsers only to the All entries page, so they won’t have access to any other page of the application.

Page Access permissions for BasicUsers

After that I add BasicUsers to the Data group as well, so they don’t only see the page, but also the records inside the table. For now, read-only will suffice for BasicUsers, while BasicAdministrators get full-access.

Finally publish the application and test the changes by logging in as a user that is member of the group BasicUsers and another user that is member of the group BasicAdminstrators. As you can see in the two screenshots, the BasicAdministrators have a different view as the BasicUsers.

View as BasicAdministrators
View as BasicUsers

Adding additional permissions

So after this first test, I want to show you one more thing. For this I add permissions for the BasicUsers to use the Edit Page as well. However, they don’t get permission to create, edit or delete data from the Data Group. How does it look now?

View as BasicUsers, with additional permission to Edit Page
Edit Page as BasicAdministrator
Edit Page as BasicUser

As you can see. The BasicUser can now open the Edit Page and also edit the data. However, he is not able to see and click the Save or Delete button. In order to use them, he needs the appropriate permissions.

Permissions in Intrexx

This is a small but very good example of how permissions in Intrexx work. Basically as long as permissions aren’t configured, no one has access to anything except for the Administrators. The Administrators are like Super-Admins, they can do anything, but there still ways to lock them out as well. I’ll definitely show that in a later post someday.

How do you know you don’t have access? Intrexx usually just hides content the user isn’t allowed to see. But if the user enters an URL of a page or record he doesn’t have access to, Intrexx throws an error. Since most users won’t enter a URL they don’t know, they won’t know they are missing something, until they hear someone talking about that new feature and they start wondering. That’s why it’s so important to test the whole application with each role that is used.

I hope this post helped you understand, how permissions in Intrexx work and how you can use them. If you have any questions regarding this post, feel free to leave a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.