Introducing Conditional Permissions (Request beta access!)

Hi Community!

As we briefly touched on during the product spotlight at Developalooza, we are working on making conditional permissions available in Appfarm.

Before we roll it out more broadly, we’d like to get conditional permissions into the hands of a few more developers. To do that, we are opening up a beta program. If you have a solution that you think could benefit from conditional permissions, read through the eligibility section at the bottom of this post and fill out the enrolment form.

What are conditional permissions?

Conditional permissions provide an additional layer of data access control across a solution. You can define which users have access to read and manipulate the data within an object class, based on the user’s roles and the data itself.

Conditional permissions are configured at the object class level, either in the data model or under permissions. The permissions are evaluated at runtime prior to a database operation, regardless of where the operation stems from. So the same permissions apply whether data is being accessed or altered via apps, services, or GraphQL.

Through careful setup of conditional permissions you can prevent unwanted data from ending up in the client. Even if a data source has Read All Objects selected, once conditional permissions are configured the end user will only have access to the data specified by those permissions.

How can you use conditional permissions?

Here are some examples of how you can apply conditional permissions. You can add multiple permission definitions per object class operation, which can be used to ensure that some users have restricted access while other users retain full access.

Limit access to specific objects based on roles. For example, restrict access to Cases marked High security to user roles with the appropriate security clearance.

Limit access to objects connected directly to a user. For example, restrict access to Employee objects with a filter to match only the Employee object connected to the Current User.

Limit update access to objects created by a user. For example, a user role may have read access to all Projects but only update permissions for Projects they have created.

Allow all access. For example, grant an Administrator role access to all objects in an object class. This would typically be used in conjunction with more restrictive permissions for other roles.

For more details on configuration, see the documentation.

Beta access eligibility

The beta program is open to solutions on the Essential, Professional, and Dedicated subscription tiers. Note that for Essential subscriptions, conditional permissions will be a paid add-on following the completion of the beta program.

By enrolling in the beta program you agree to complete a short interview and/or survey towards the end of the program.

Interested? Great! Fill out the enrolment form and we’ll be in touch: https://forms.gle/SHgRrtoPJAvbbnMb9.
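
The four permission patterns listed under "How can you use conditional permissions?", sketched as a small conceptual model. This is an added example, not Appfarm code or configuration syntax. It assumes deny by default and that an operation is allowed when any definition for that object class and operation matches; the role names `Cleared`, `Agent` and `Staff` and all field names are hypothetical.

```python
# Conceptual model only: not Appfarm code or configuration syntax.
# Assumptions: deny by default; an operation is allowed when ANY definition
# for (object class, operation) matches the user's roles and the object.
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class User:
    id: str
    roles: frozenset

@dataclass(frozen=True)
class Definition:
    roles: frozenset                         # roles this definition applies to
    condition: Callable[[User, dict], bool]  # filter on the object's own data

ALL = lambda user, obj: True  # "allow all access"

# Constructed policy mirroring the four examples in the post.
POLICY = {
    ("Case", "read"): [
        Definition(frozenset({"Cleared"}), ALL),
        Definition(frozenset({"Agent"}), lambda u, o: o["security"] != "High"),
    ],
    ("Employee", "read"): [
        Definition(frozenset({"Staff"}), lambda u, o: o["user_id"] == u.id),
        Definition(frozenset({"Administrator"}), ALL),
    ],
    ("Project", "read"): [Definition(frozenset({"Staff"}), ALL)],
    ("Project", "update"): [
        Definition(frozenset({"Staff"}), lambda u, o: o["created_by"] == u.id),
    ],
}

def allowed(user, object_class, operation, obj):
    """Evaluated before the database operation, whatever the entry point."""
    defs = POLICY.get((object_class, operation), [])
    return any(d.roles & user.roles and d.condition(user, obj) for d in defs)

def read_all(user, object_class, rows):
    """A 'read all objects' query still returns only the permitted rows."""
    return [r for r in rows if allowed(user, object_class, "read", r)]

# Constructed sample data.
CASES = [{"id": 1, "security": "High"}, {"id": 2, "security": "Low"}]
```

Because the check sits in front of the data operation rather than in any one client, the same `allowed` call would guard an app, a service or an API request alike.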