Security permissions for Form definitions and Form Attachments

Learn about security permissions for form definitions and form attachments

Last published at: January 8th, 2025

By default, an average user can only view the form definitions they have created or have permission to view. They can also view form definitions developed by other users if other users give them permission. Based on the “Permissions” assigned by the admin or the user who created the definition, the average user can “View,” “Design,” or “Remove” the form definition.

Admin users can restrict the permission to view and design and remove access to the process definition for regular users by clicking on the “Permissions” menu item.

 

The Manage Permissions page is rendered as below. On the UI, you may configure permissions for the Form definition and any form attachments this definition instance may have during runtime. 

 

You can just select the attachment permission from the drop-down list below. You may choose one of the permissions provided here. The available permissions are to apply the global configuration; all users can access it, only users involved in the form, only users engaged in the form and process, only the people who attached files to the form, and only the person who attached the file. Click the Save Permission button to confirm. 

 

Search and add the desired user(s) for whom permission must be set for the selected definition. Users should at least type 3 char(s) to initiate the search. Select the user from the list and click the "Add" button.

 

The admin user can allow any or all the process definition permissions for the selected user by checking the view, design, and remove checkboxes. The user can only have access to these permissions. Above, the “RegularUser” can view and design the selected process definition but does not have permission to remove it. The admin user can grant permission to create and remove by choosing the "Save Permissions" button.

 

The admin user can revoke permissions by selecting the "Remove Permissions" button.

 

A confirmation message is displayed in the top right-end corner. 

 

Lock and Unlock form definitions.

By default, an average user can only view the form definitions they have created or have permission to view. They can also view form definitions developed by other users if they are given permission. Based on the “Permissions” assigned by the admin or the user who created the definition, the average user can “View,” Design,” or “Remove” the form definition.

The definition is locked to the user creating/modifying the process. There is no concept of building forms collaboratively, and the definition is unlocked only after the changes are saved and closed. 

 

Another user with View / Design / Remove permissions can unlock the locked definition and lock it for further modification. The first user cannot save the changes now that the definition is no longer locked to self. The application shall alert the first user on the lock status and the username for making the changes. This safety check thus prevents the contents from being overwritten by concurrent usage.