search string side menu

Access permissions in ELMA365 > Access to app data / Restrict access to specific app items

Restrict access to specific app items

This is the most specific access restriction option that allows you to assign specific permissions for certain app items to different users.

Use this option to configure permissions individually for each app item. Let’s say each sales rep in the sales department has access only to the contracts they work with. Data from contracts is considered confidential and cannot be shown to any other employees. Then you can grant the permission to view and edit a contract to its Author and employees specified on the contract’s page as the Superior and the Approver.

With this access restriction option, you can also grant additional permissions for specific app items to let users complete one-time tasks. You can do so:

  • On app item pages.
  • In business process settings.

начало внимание

Only users included in the Administrators group can grant and restrict permissions to individual items in an app’s access settings.

конец внимание

Note:

  1. You can select a different access restriction option:
  1. Employees who regularly work with an app should be granted access to the workspace it belongs to and the app itself. Then they will be able to see all the data that they have access to by opening the app via the left menu.
  2. If some employees need one-time access to specific app items, for example, in business process tasks, they don’t need access to the workspace and app. They can open the app item page using a direct link, for example, from tasks.

If you want to restrict access to specific items, first set up general access permissions applied to all app items by default:

  1. Click the gear icon to the right of the app’s name and select Access Settings.
  2. Enable the following options: Restrict access to data > Restrict access to app items.
  3. Select who you want to assign permissions to. To do that, click the +Add button. This can be:
    • A user, a group, or an org chart item.
    • Author. The user who created the app item.
    • App property. Select a property of the Users or Role type. The permissions will be granted to employees specified in the selected field on the app item’s page. Let’s say there is a Users type property named Approvers in the Contracts app. When a new contract is created, the author specifies users who are going to approve it in this field. In a Role type field, you can select users, groups, or org chart items.

Note that if you added an App property to the table, it will be used as a parameter for advanced search. You cannot disable the Search and sort by field option for this property.

  1. Tick the types of access permissions you want to grant and click Save.

Note that general settings are automatically applied to all items created in the app. They cannot be revoked.

Setting permissions with a Users type property

The Contracts app includes the context variable Responsible of the Users type. Let’s configure the settings so that the CCO and the CFO can see all contracts, and other employees see only contracts they are responsible for. To do that:

  1. Open the Contracts app’s access settings.
  2. Enable the following options: Restrict access to data > Restrict access to app items.
  3. Delete the Author role from the table.
  4. Click the +Add button.
  5. Select Org chart item and add the CCO and CFO. They need to have full access to app items.
  6. Click the +Add button again.
  7. Select the App property option.
  8. In the drop-down list on the right, select Responsible.

element-right-1

  1. Tick the following permissions for the Responsible: View/Read and Edit.
  2. Save the settings.

Now the author won’t be able to view or edit a Contracts app item. Only the CCO and the CFO have full access to all items. They can open a contract and select a user in the Responsible field. Only this user will be able to view and edit the contract’s page.

You can find another example of configuring access to specific app items in the Combinations of access permissions article.

Additional permissions for specific app items

If you select the Restrict access to app items option, you don’t have to assign permissions to all users who may work with an app’s items in the access settings.

If a user doesn’t work with an app’s items regularly, you can grant them additional permissions to let them complete one-time tasks. This can be done:

  • On an app item’s page. Note that apart from the administrator, this can be done by users with the Assign Permissions access option.
  • In the business process settings.

начало внимание

Additional permissions can only be granted if you selected the Restrict access to app items option in the app’s access settings.

конец внимание

Grant additional permissions on the app item page

It is possible to grant permissions to a certain app item on its page. This can be done by users with the Assign Permissions access option. Note that this is only available if you restricted access to specific app items.

Let’s say in the Job Openings app, only the HR department manager works with management positions. If this user is allowed to assign permissions, they can give another employee access to work with a certain job opening.

To grant or restrict access to a specific item:

  1. Go to the app and click the app item or open it using a direct link.
  2. Click the lock icon in the upper right corner.  

element-right-2

In the window the opens there are two sections:

  • Common permissions for app items. In this section, you will see access settings applied to all items of the app. Settings specified here cannot be revoked.
  • Specific permissions. Here you can grant access to the app item to someone who is not added to the first section.
  1. Specify who you want to set additional permissions for. To do that, click the +Add button. You can choose a user, a group, or an org chart item.

element-right-3

  1. Tick the types of access permissions you want to grant and click Save.

Grant additional permissions in a business process

When users work with app items in business process tasks, access settings that are first checked are:

To let a user work with certain app items for one-time tasks, the administrator can grant additional permissions in a business process:

Note that you can only assign additional permissions in a business process if the Restrict access to app items option is selected in the app’s access settings.

Let’s say access is set up for specific app items in the Contracts app. Users can only view contracts that they created. An employee is assigned the task to review a contract created by another user. In this case, granting the necessary permissions in the swimlane allows the employee to view the contract.

Permissions granted in the business process settings are displayed in an app item’s permissions settings, in the Specific permissions section.

element-right-4

You can find an example of granting temporary permissions using the App Item Permissions activity in the Combinations of access permissions article.

folder-rights.html rights-combinations.html

Found a typo? Highlight the text, press ctrl + enter and notify us