Field-Based Resource Access
Last updated
Last updated
Field-Based Resource Access assigns user permission(s) to a specific data submission based on a Resource referenced within the Form.
Let's imagine you are building a Clinic application, and wish to assign patients to physicians within the clinic. One of your requirements might be to ensure that only patient data is available to physicians who have been specifically assigned that Patient. Field-Based Resource Access can accomplish that by granting granular permissions to control what patient data the physicians have access to based on a reference to a given Resource.
Field-Based Resource Access is utilized by establishing Resources and referencing the Resource data as a means to grant form submission permission to a user group. When a Select Resource field is saved to a form, you can allocate that field to a Field-Based Resource Permission in the form's access settings. This is done by choosing the field within the Resource setting of the permission. When a user logs in and views the form, the user will be granted permission depending on what Group value (resource field) is saved within their user object. The following permissions can be defined for any resource field within the form.
Permission
Description
Read
The Read permission will allow a resource, defined in the submission, to read all of the submission data.
Create
The Create permission will allow a resource, defined in the submission to create or submit all of the submission data.
Update
The Update permission will allow a resource, defined in the submission to edit all of the submission data except for the Submission Resource Access and Owner information.
Delete
The Admin permission will allow a resource, defined in the submission, to delete all of the submission data.
The following example will build off the use case described above. Physicians will be created using a Resource. A Patient Resource will be used to create Patients and assign Physicians within the submission using a Select Resource. That Select Resource field will be configured within the Patient Resource access settings to grant granular permissions based on which Physician is accessing the submission.
This Resource will serve as the Physician database that will be used to assign Physicians to Patients.
Create a new Resource titled Physician
Add a Text Field called Physician Name, Email, and Password field to the Resource
Add a Role Assignment action to the Resource
Set the Resource Association to Existing Resource
Set the Action Type to Add Role
Set the Role to Authenticated
Use the Resource and make two submissions
Joe Smith | joe@example.com | abc123
Sally Fields | sally@example.com | abc123
This Resource is where Patients will be created and assigned their Physician
Create a new Resource titled Patient
Add a Text Field called Patient Name
Add a Select component called Physician that will reference the Physician Resource
Within the Data tab, set the Data Source Type to Resource
Set the Resource to Physician
Set the Item Template to {{ item.data. }}
Check the Save as Reference setting
Save the Resource
Click the Access tab. Within the Field-Based Resource Access section, set the following permissions
Read | Resource: Physician
Update | Resource: Physician
Save the settings
Permission
Description
Read
The Read permission will allow a resource, defined in the submission, to read all of the submission data.
Create
The Create permission will allow a resource, defined in the submission to create or submit all of the submission data.
Update
The Update permission will allow a resource, defined in the submission to edit all of the submission data except for the Submission Resource Access and Owner information.
Delete
The Admin permission will allow a resource, defined in the submission, to delete all of the submission data.
In the following example, Physicians mapped by the Select Resource field will have permission to Read and Create submission data for this Form.
Use the Resource and make four submissions
Physician: Joe Smith | Patient Name: A
Physician: Joe Smith | Patient Name: B
Physician: Sally Fields | Patient Name: C
Physician: Sally Fields | Patient Name: D
Modify the Login form action so it references the Physician resource when authenticating login credentials
Edit the User Login form within the project
Click the Action tab and edit the Login action
Click the Resource dropdown and select the Physician Resource
Save the Action
To test this workflow, Postman will be utilized to authenticate the users and to send the API requests to read and update submissions.
Utilize the Login form within the project to authenticate a Physician and receive a JWT token.
Perform a Post request against the Login form using Joe Smith Physician credentials
Copy the x-jwt-token from the response header to use in our GET request
Using the JWT token from the previous step, a GET request will be made to retrieve a Patient Resource submission
Within your Project, click the Data tab of the Patient Resource. We will take note of two different submission IDs
View a submission for Physician Joe Smith
Take note of the Submission ID appended at the end of the URL
View a submission for Physician Sally Fields
Take note of the Submission ID appended at the end of the URL
Within Postman, create a new request tab and set the request type to GET
Click Headers and add your JWT token to authenticate the request
Key: x-jwt-token | Value: abcd1234 (Your token ID from the previous step)
Within the Postman, apply the correct GET Submission API endpoint and perform the request
{{projectUrl}}/{{formPath}}/submission/{{submissionId}}
You should receive the submission JSON within the body of the response
Within the same request, change the Submission ID to a different Physician and perform the request You should receive an Unauthorized error within the response
These concepts will be applied to the Group Permissions workflow which is discussed in the next section.
