Permissions
Aptono uses permissions to determine which information can and cannot be send to which user. There are three types of permissions:
- Permission tags
- Individual permissions
- Parametric permissions
- Creator right
Each type and its use case is explained below.
Permission tags
Permission tags are used for grouping login accounts that need to have the access to the same information. This can be multiple collections, tabs, records or forms. It can also be useful if you want give a login accounts access to multiple collections without having to add it to all the separate collections one by one. You can imagine a permission tag as a key that fits in multiple keyholes.
To create a new permission tag, make sure you are logged in as administrator and go to the admin window (see here). Click on the 'Permissions' section. Then click on 'Add Tag':
A new permission tag will be added to the 'Available permissions' list. You can modify its name and description. The list also monitors its use throughout the dashboard. 'Uses' indicates in how many places the tag is required to get permission to the data (collection, tab, form, etc). 'Providers' indicates in how many locations the tag is provided in a field to assign to a login account.
Individual permissions
Permissions can be granted based on a single user. The user is selected by its 'Display name', which is the name assigned to the login account, in the field where the login account is created.
Parametric permissions
Parametric permissions allow a collection administrator to grant users access to data based on the data within an record. Parametric permissions can be used in the following collections permission settings only:
- Read record
- Update record
To define a parametric permission, the collection needs to have either have a field with a login data type directly, or reference to a record with a field with the login data type. This can be a single reference or a multi reference field type.
To make its use case a bit more clear: image a collection 'Project' that has a field called 'Team members' which is of type 'Multi reference to other record', which references to a collection 'Employees'. The collection 'Employees' has a field with the login data type. In some cases it might be desired to only allow 'Team members' to update the 'Project' record. To do this, the administrator of the 'Projects' collection uses a parametric permission, that refers the 'Team members' field. Note that logins accounts can only be one reference away from the collection where the parametric permission is defined.
Creator right
Creator rights are assigned by default when a new collection or environment is created. This gives access to the login account which has created the collection or environment. Note that this permission can be deleted if desired.
Using the permissions window
To set permissions for a certain object, click on the padlock icon. Then click on the 'Add right' button:
Depending on where the permission will be created (environment, collection etc), different types of permissions will be available.