Field-Based Resource Access


Last updated 1 year ago


What Is Field-Based Resource Access?

Field-Based Resource Access assigns user permission(s) to a specific data submission based on a Resource referenced within the Form.

Why Should I Use Field-Based Resource Access?

Let's imagine you are building a Clinic application and wish to assign patients to physicians within the clinic. One of your requirements might be to ensure that patient data is available only to the physicians who have been specifically assigned that Patient. Field-Based Resource Access can accomplish that by granting granular permissions that control which patient data a physician can access, based on a reference to a given Resource.

How Do I use Field-Based Resource Access?

Field-Based Resource Access is used by establishing Resources and referencing the Resource data as a means to grant form submission permissions to a user group. When a Select Resource field is saved to a form, you can assign that field to a Field-Based Resource Permission in the form's Access settings. This is done by choosing the field within the Resource setting of the permission. When a user logs in and views the form, the user is granted permission depending on which Group value (resource field) is saved within their user object. The following permissions can be defined for any resource field within the form.

Permission | Description
Read | The Read permission will allow a resource, defined in the submission, to read all of the submission data.
Create | The Create permission will allow a resource, defined in the submission, to create or submit all of the submission data.
Update | The Update permission will allow a resource, defined in the submission, to edit all of the submission data except for the Submission Resource Access and Owner information.
Delete | The Delete permission will allow a resource, defined in the submission, to delete all of the submission data.

Workflow Example

The following example will build off the use case described above. Physicians will be created using a Resource. A Patient Resource will be used to create Patients and assign Physicians within the submission using a Select Resource. That Select Resource field will be configured within the Patient Resource access settings to grant granular permissions based on which Physician is accessing the submission.

Create Physician Resource

This Resource will serve as the Physician database that will be used to assign Physicians to Patients.

  1. Create a new Resource titled Physician

  2. Add a Text Field called Physician Name, an Email field, and a Password field to the Resource

  3. Add a Role Assignment action to the Resource

    • Set the Resource Association to Existing Resource

    • Set the Action Type to Add Role

    • Set the Role to Authenticated

  4. Use the Resource and make two submissions

    • Joe Smith | joe@example.com | abc123

    • Sally Fields | sally@example.com | abc123

Create Patient Resource

This Resource is where Patients will be created and assigned their Physician.

  1. Create a new Resource titled Patient

  2. Add a Text Field called Patient Name

  3. Add a Select component called Physician that will reference the Physician Resource

    • Within the Data tab, set the Data Source Type to Resource

    • Set the Resource to Physician

    • Set the Item Template to {{ item.data. }}

    • Check the Save as Reference setting

  4. Save the Resource

  5. Click the Access tab. Within the Field-Based Resource Access section, set the following permissions

    • Read | Resource: Physician

    • Update | Resource: Physician

    • Save the settings


With these settings, the Physician referenced by the Select Resource field will have permission to Read and Update the submission data for this Form.

  1. Use the Resource and make four submissions

    • Physician: Joe Smith | Patient Name: A

    • Physician: Joe Smith | Patient Name: B

    • Physician: Sally Fields | Patient Name: C

    • Physician: Sally Fields | Patient Name: D
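To make the rule concrete, here is a small model of how a Field-Based Resource Access check decides a request. This is an added example, not Form.io's own implementation; it only reproduces the behaviour described in the permission table (a permission is granted to whichever resource the chosen field references, and Update cannot touch owner or access information) using the Physician and Patient submissions created above. The ids phys-joe, phys-sally and sub-a through sub-d and the field key physician are constructed placeholders.

```python
"""Toy model of a Field-Based Resource Access decision (added example, not Form.io code)."""
from dataclasses import dataclass

PERMISSIONS = ("read", "create", "update", "delete")


@dataclass
class Submission:
    id: str
    owner: str   # user id of the submitter
    data: dict   # form data, including the Select Resource field saved as a reference
    access: list # submission-level access entries; never changed through Update


# Access settings from step 5 above: Read and Update go to the resource referenced
# by the Physician field. Field key "physician" is an assumed component key.
PATIENT_ACCESS = {"read": ["physician"], "update": ["physician"]}


def referenced_ids(value):
    """A Select Resource saved as reference stores {'_id': ...}; a multi-select stores a list."""
    if isinstance(value, dict):
        return {value.get("_id")}
    if isinstance(value, list):
        return {v.get("_id") for v in value if isinstance(v, dict)}
    return set()


def is_granted(submission, form_access, user_id, permission):
    """True when a field listed under `permission` references the requesting user."""
    if permission not in PERMISSIONS:
        raise ValueError(f"unknown permission {permission!r}")
    for field_key in form_access.get(permission, []):
        if user_id in referenced_ids(submission.data.get(field_key)):
            return True
    return False


def update_submission(submission, form_access, user_id, patch):
    """Apply an Update request. `patch` may carry 'data', 'owner' and 'access' keys,
    but only 'data' is honoured, matching the table's exception for Update.
    Returns the updated submission and the list of keys that were ignored."""
    if not is_granted(submission, form_access, user_id, "update"):
        raise PermissionError(f"{user_id} may not update {submission.id}")
    ignored = sorted(k for k in patch if k in ("owner", "access"))
    updated = Submission(id=submission.id, owner=submission.owner,
                         data={**submission.data, **patch.get("data", {})},
                         access=list(submission.access))
    return updated, ignored


# Constructed sample data: the two Physicians and the four Patient submissions above.
JOE, SALLY = "phys-joe", "phys-sally"
PATIENTS = {
    "A": Submission("sub-a", "admin", {"patientName": "A", "physician": {"_id": JOE}}, []),
    "B": Submission("sub-b", "admin", {"patientName": "B", "physician": {"_id": JOE}}, []),
    "C": Submission("sub-c", "admin", {"patientName": "C", "physician": {"_id": SALLY}}, []),
    "D": Submission("sub-d", "admin", {"patientName": "D", "physician": {"_id": SALLY}}, []),
}


def readable_by(user_id):
    """Patient names the given physician may read under PATIENT_ACCESS."""
    return sorted(name for name, sub in PATIENTS.items()
                  if is_granted(sub, PATIENT_ACCESS, user_id, "read"))


if __name__ == "__main__":
    print("Joe reads:", readable_by(JOE))      # ['A', 'B']
    print("Sally reads:", readable_by(SALLY))  # ['C', 'D']
    print("Joe may delete A:", is_granted(PATIENTS["A"], PATIENT_ACCESS, JOE, "delete"))
```

Because no Delete entry is configured, a physician assigned to a patient can read and update that record but not remove it, and an attempt to change the owner through Update is silently dropped rather than applied.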

Modify Login Form

Modify the Login form action so it references the Physician Resource when authenticating login credentials.

  1. Edit the User Login form within the project

  2. Click the Action tab and edit the Login action

  3. Click the Resource dropdown and select the Physician Resource

  4. Save the Action

Test Workflow Using Postman

To test this workflow, Postman will be utilized to authenticate the users and to send the API requests to read and update submissions.

Authentication

Use the Login form within the project to authenticate a Physician and receive a JWT token.

  1. Perform a request against the Login form using the Joe Smith Physician credentials

  2. Copy the x-jwt-token from the response header; it will be used in the GET request below

GET Submission Request

Using the JWT token from the previous step, a request will be made to retrieve a Patient Resource submission.

  1. Within your Project, click the Data tab of the Patient Resource. Take note of two different submission IDs

    • View a submission for Physician Joe Smith

    • Take note of the Submission ID appended at the end of the URL

    • View a submission for Physician Sally Fields

    • Take note of the Submission ID appended at the end of the URL

  2. Within Postman, create a new request tab and set the request type to GET

  3. Click Headers and add your JWT token to authenticate the request

    • Key: x-jwt-token | Value: abcd1234 (your token from the previous step)

  4. Apply the correct endpoint and perform the request: {{projectUrl}}/{{formPath}}/submission/{{submissionId}}. You should receive the submission JSON within the body of the response

  5. Within the same request, change the Submission ID to a submission assigned to the other Physician and perform the request. You should receive an Unauthorized error within the response

These concepts will be applied to the Group Permissions workflow which is discussed in the next section.
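The same check can be scripted so it can be repeated whenever the access settings change. The following is an added example, not Form.io's code: it logs in, takes the x-jwt-token response header, reads one submission assigned to that physician and one assigned to the other, and reports whether the second request was refused. The login path user/login (submitted as POST {{projectUrl}}/user/login/submission) is an assumption about the project's default Login form, the form path patient and the submission ids sub-a through sub-d are constructed placeholders, and make_fake_server is a constructed stand-in so the script runs offline; pass urllib_fetch and real ids to run it against a project.

```python
"""Scripted version of the Postman walkthrough (added example, not Form.io's code)."""
import json
import urllib.error
import urllib.request


def build_login_request(project_url, email, password, login_path="user/login"):
    """POST that submits the Login form. user/login is an assumed default form path."""
    url = f"{project_url.rstrip('/')}/{login_path}/submission"
    body = json.dumps({"data": {"email": email, "password": password}}).encode()
    return url, {"Content-Type": "application/json"}, body


def build_submission_request(project_url, form_path, submission_id, token):
    """GET {{projectUrl}}/{{formPath}}/submission/{{submissionId}} with the x-jwt-token header."""
    url = f"{project_url.rstrip('/')}/{form_path}/submission/{submission_id}"
    return url, {"x-jwt-token": token}


def urllib_fetch(method, url, headers, body=None):
    """Real transport: returns (status, headers, body); HTTP errors are returned, not raised."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read()


def login(fetch, project_url, email, password):
    """Authenticate and return the JWT from the x-jwt-token response header."""
    url, headers, body = build_login_request(project_url, email, password)
    status, resp_headers, _ = fetch("POST", url, headers, body)
    if status != 200:
        raise RuntimeError(f"login failed with HTTP {status}")
    token = {k.lower(): v for k, v in resp_headers.items()}.get("x-jwt-token")
    if not token:
        raise RuntimeError("no x-jwt-token header in login response")
    return token


def read_submission(fetch, project_url, form_path, submission_id, token):
    """Returns (allowed, submission). A 401/403 means the field-based rule denied access."""
    url, headers = build_submission_request(project_url, form_path, submission_id, token)
    status, _, body = fetch("GET", url, headers)
    if status == 200:
        return True, json.loads(body)
    if status in (401, 403):
        return False, None
    raise RuntimeError(f"unexpected HTTP {status} for {url}")


def check_isolation(fetch, project_url, form_path, email, password, own_id, other_id):
    """Expected outcome of the walkthrough: own patient readable, other physician's not."""
    token = login(fetch, project_url, email, password)
    own_ok, _ = read_submission(fetch, project_url, form_path, own_id, token)
    other_ok, _ = read_submission(fetch, project_url, form_path, other_id, token)
    return {"own_readable": own_ok, "other_readable": other_ok,
            "isolated": own_ok and not other_ok}


def make_fake_server():
    """Constructed stand-in for a project so the script runs offline. It issues one token
    per physician and enforces the Read rule: a patient is readable only by the physician
    referenced in its Physician field."""
    physicians = {"joe@example.com": "tok-joe", "sally@example.com": "tok-sally"}
    patients = {"sub-a": "tok-joe", "sub-b": "tok-joe", "sub-c": "tok-sally", "sub-d": "tok-sally"}

    def fetch(method, url, headers, body=None):
        if method == "POST" and url.endswith("/user/login/submission"):
            data = json.loads(body)["data"]
            if data.get("password") == "abc123" and data.get("email") in physicians:
                return 200, {"x-jwt-token": physicians[data["email"]]}, b"{}"
            return 401, {}, b"Unauthorized"
        if method == "GET" and "/patient/submission/" in url:
            sub_id = url.rsplit("/", 1)[1]
            if patients.get(sub_id) == headers.get("x-jwt-token"):
                record = {"_id": sub_id, "data": {"patientName": sub_id[-1].upper()}}
                return 200, {}, json.dumps(record).encode()
            return 401, {}, b"Unauthorized"
        return 404, {}, b"Not Found"

    return fetch


if __name__ == "__main__":
    # Replace make_fake_server() with urllib_fetch and use real submission ids for a project.
    print(check_isolation(make_fake_server(), "https://example.form.io", "patient",
                          "joe@example.com", "abc123", "sub-a", "sub-c"))
```

Treat an "isolated" value of False as a regression: either the Read entry was removed from the Access tab or the Login action no longer references the Physician Resource, so the token does not map to a physician the field can match.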