Learning Objectives
By completing this lesson, you will be able to:
- Master how to create and configure application roles, and assign users to specific roles.
- Understand how to configure record-level permissions, including the concepts of "Participants" and "Owner" of data.
- Learn how to set field-level permissions to control which fields can be viewed or edited.
Scenario Case
The employee management system at MEGA Technology Ltd. has completed its core data modeling and page setup.
To further enhance data security and operational efficiency, the HR department aims to implement fine-grained permission settings, ensuring that access boundaries are clearly defined across different roles. The application is expected to meet the following permission requirements:
HR Role Requirements
Employee Role Requirements:
Steps
HR Role
- Click the “User” icon in the top-right corner to access the role configuration page.
- Click “+Create Role” to create a new role.
- Name the role HR, choose Access to all app items (simple) and grant Permissions to view, edit, and delete all records. Then click Create.
- After the HR role is created, click Manage Users to go to the role’s user management page. In practice, add the relevant people, departments, or positions. Users assigned to this role will automatically inherit its permissions.
Employee Role
- Click “+Create Role” to create a new role named Employee, and choose Access to selected app items (Advanced).
- Configure which Items (Worksheets and Custom Pages) and Views the Employee role can access for viewing and editing. After checking the options, click Settings in the Data Privilege column to configure Record-level permissions.
- In the Employee Directory section, go to the Record Range tab and allow view all and edit all records. Then switch to the Field tab to configure Field-level permissions.
- In the Field tab of the Employee Directory, allow editing only for Phone Number, Email, and Employee Photo.
- In the Course Table section, click Settings and allow the role to view all records.
- In the Course Participation Record, set the role to view participated records and edit all records.
  (Note: Edit permission is based on view permission, so this means they can edit all of the records that they joined.)
- In the Field tab of the Course Participation Records, allow editing only for the Course Rating and Feedback&Suggestions fields.
- Once configuration is complete, close the popup and click Create to finalize the Employee role. In practice, assign the appropriate users to this role.
Role Debug
- To verify if the role settings meet requirements, enable Role Debug in the top-right corner.
- After setup, return to the application page. The admin can use the Select Role menu in the top-right corner to test permissions from the perspective of different roles.
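The Employee role configured above, modelled as an added example (not the platform's own code or API) so the expected results can be written down before checking them with Role Debug. The evaluation order and the meaning of "participated" are assumptions, and the sample records and the "Department" field are constructed.

```python
from dataclasses import dataclass

ALL, PARTICIPATED, NONE = "all", "participated", "none"  # Record Range scopes

@dataclass(frozen=True)
class SheetRule:
    view: str
    edit: str = NONE
    editable_fields: frozenset = frozenset()

DIRECTORY, COURSES, PARTICIPATION = (
    "Employee Directory", "Course Table", "Course Participation Records")

# The Employee role as configured in the steps above.
EMPLOYEE = {
    DIRECTORY: SheetRule(ALL, ALL, frozenset({"Phone Number", "Email", "Employee Photo"})),
    COURSES: SheetRule(ALL),
    PARTICIPATION: SheetRule(PARTICIPATED, ALL,
                             frozenset({"Course Rating", "Feedback&Suggestions"})),
}

def in_scope(scope, user, record):
    """Assumption: 'participated' = user is the Owner or one of the Participants."""
    if scope == ALL:
        return True
    if scope == PARTICIPATED:
        return user == record["owner"] or user in record["participants"]
    return False

def can_view(role, sheet, user, record):
    rule = role.get(sheet)  # a sheet absent from the role is not accessible
    return rule is not None and in_scope(rule.view, user, record)

def can_edit(role, sheet, user, record, field_name):
    # Edit is evaluated inside the view range, then narrowed by the Field tab.
    if not can_view(role, sheet, user, record):
        return False
    rule = role[sheet]
    return in_scope(rule.edit, user, record) and field_name in rule.editable_fields

# Constructed sample records (not data from the lesson).
JOINED = {"owner": "hr_admin", "participants": {"alice"}}
NOT_JOINED = {"owner": "hr_admin", "participants": {"bob"}}
BOB_PROFILE = {"owner": "bob", "participants": set()}

if __name__ == "__main__":
    for sheet, rec, fld in [(PARTICIPATION, JOINED, "Course Rating"),
                            (PARTICIPATION, NOT_JOINED, "Course Rating"),
                            (DIRECTORY, BOB_PROFILE, "Phone Number"),
                            (DIRECTORY, BOB_PROFILE, "Department")]:  # constructed field
        print(sheet, fld, can_edit(EMPLOYEE, sheet, "alice", rec, fld))
```

In this model any employee can change Phone Number on a colleague's Employee Directory record, because that sheet's record range is "edit all"; it is a case worth confirming in Role Debug.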
Hands-on Practice
Now, click the "Open the Practice App" button in the upper right corner of the page to access the hands-on application designed for this course, and start practicing!