Groups are collections of users which you want to share equal access, but the relationship doesn’t warrant the creation of a specific role. Group based permissions can be achieved with Field Based Resource Access.
Note: Only users with edit access to a group can add users to the group itself.
Groups can be configured in three ways:
- Group and User Resources - Add Users to groups on creation
- Group, User, and GroupUser Resources - Add Users to groups after creation
- Group, User, PublicUser, and GroupUser Resources - Allows non-Administrative users to create and maintain groups of users.
The benefit of using a third and forth resource, PublicUsers and GroupUsers, is that they act like join tables and allow you to make groups at will. With four resources, you can safely allow non-administrative users to configure groups (selectively filtering sensitive data).
Since non-administrative configuration (#2) is most commonly used, we will cover that here. Below are the following Required resources, their components, actions and any permissions, necessary for Groups to work; You may add any additional components and actions that you would like.
Steps to set up
Steps for Group, User, and GroupUser group access configuration
- Create User resource (or use existing default User resource)
- Email (Email component)
- Password (Password component)
- Create Group resource
- Name (Text component)
- Create GroupUser resource
- Group (single Select / Resource component of Group resource submissions)
- User (single Select / Resource component of User resource submissions)
Note: both Group and User components in GroupUser resource can only be Single Selects. If you need one user to be assigned to multiple groups, you'll need to create multiple submissions of GroupUser resource
- Set up Group assignment action for the GroupUser resource
- Select ‘User’ select as User setting and ‘Group’ select as Group setting
- Create a form with group access permissions
- Group (single or multi Select / Resource component of Group resource submissions)
- any other component you need
Note: Group select on form with group access can be either single Select or multi Select depending on your needs - both should work
- Set up Field Based Resource Access for this form:
- Select ‘Group’ component in one of the Read / Create / Write / Admin selects depending on which level of access you want to grant to a User. Read more about Field Based Resource Access levels in Roles and Permissions section.
Note: when you change Field Based Resource Acccess setting, change only applies to new submissions you'll create after the change. Submissions created before the change would have level of acccess which was current on the time of their creation. For example: you didn't set up Filed Based Resource Access, created several submissions and then selected Group Resource on 'Read' level. Group users won't be able to see those several old submissions even if the group matches
You can also read our API docs to see particular examples of Resources, Forms and Submissions that demonstrate how Group Permissions work