Field-Based Resource Access

What Is Field-Based Resource Access?

Field-Based Resource Access assigns user permission(s) to a specific data submission based on a Resource referenced within the Form.

Why Should I Use Field-Based Resource Access?

Let's imagine you are building a Clinic application and wish to assign patients to physicians within the clinic. One of your requirements might be to ensure that patient data is available only to physicians who have been specifically assigned that Patient. Field-Based Resource Access can accomplish that by granting granular permissions that control which patient data the physicians have access to, based on a reference to a given Resource.

How Do I Use Field-Based Resource Access?

Field-Based Resource Access is utilized by establishing Resources and referencing the Resource data as a means to grant form submission permission to a user group. When a Select Resource field is saved to a form, you can allocate that field to a Field-Based Resource Permission in the form's access settings. This is done by choosing the field within the Resource setting of the permission. When a user logs in and views the form, the user will be granted permission depending on what Group value (resource field) is saved within their user object. The following permissions can be defined for any resource field within the form.

Permission | Description
Read | The Read permission will allow a resource, defined in the submission, to read all of the submission data.
Create | The Create permission will allow a resource, defined in the submission, to create or submit all of the submission data.
Update | The Update permission will allow a resource, defined in the submission, to edit all of the submission data except for the Submission Resource Access and Owner information.
Delete | The Admin permission will allow a resource, defined in the submission, to delete all of the submission data.

Workflow Example

The following example will build off the use case described above. Physicians will be created using a Resource. A Patient Resource will be used to create Patients and assign Physicians within the submission using a Select Resource. That Select Resource field will be configured within the Patient Resource access settings to grant granular permissions based on which Physician is accessing the submission.

Create Physician Resource

This Resource will serve as the Physician database that will be used to assign Physicians to Patients.

  1. Create a new Resource titled Physician

  2. Add a Text Field called Physician Name, an Email field, and a Password field to the Resource

  3. Add a Role Assignment action to the Resource

    • Set the Resource Association to Existing Resource

    • Set the Action Type to Add Role

    • Set the Role to Authenticated

  4. Use the Resource and make two submissions

    • Joe Smith | joe@example.com | abc123

    • Sally Fields | sally@example.com | abc123

Create Patient Resource

This Resource is where Patients will be created and assigned their Physician.

  1. Create a new Resource titled Patient

  2. Add a Text Field called Patient Name

  3. Add a Select component called Physician that will reference the Physician Resource

    • Within the Data tab, set the Data Source Type to Resource

    • Set the Resource to Physician

    • Set the Item Template to {{ item.data. }}

    • Check the Save as Reference setting

  4. Save the Resource

  5. Click the Access tab. Within the Field-Based Resource Access section, set the following permissions

    • Read | Resource: Physician

    • Update | Resource: Physician

    • Save the settings

In the following example, Physicians mapped by the Select Resource field will have permission to Read and Create submission data for this Form.

  1. Use the Resource and make four submissions

    • Physician: Joe Smith | Patient Name: A

    • Physician: Joe Smith | Patient Name: B

    • Physician: Sally Fields | Patient Name: C

    • Physician: Sally Fields | Patient Name: D

Modify Login Form

Modify the Login form action so that it references the Physician Resource when authenticating login credentials.

  1. Edit the User Login form within the project

  2. Click the Action tab and edit the Login action

  3. Click the Resource dropdown and select the Physician Resource

  4. Save the Action

Test Workflow Using Postman

To test this workflow, Postman will be utilized to authenticate the users and to send the API requests to read and update submissions.

Authentication

Utilize the Login form within the project to authenticate a Physician and receive a JWT token.

  1. Perform a POST request against the Login form using the Joe Smith Physician credentials

  2. Copy the x-jwt-token from the response header to use in our GET request

GET Submission Request

Using the JWT token from the previous step, a GET request will be made to retrieve a Patient Resource submission.

  1. Within your Project, click the Data tab of the Patient Resource. We will take note of two different submission IDs

    • View a submission for Physician Joe Smith

    • Take note of the Submission ID appended at the end of the URL

    • View a submission for Physician Sally Fields

    • Take note of the Submission ID appended at the end of the URL

  2. Within Postman, create a new request tab and set the request type to GET

  3. Click Headers and add your JWT token to authenticate the request

    • Key: x-jwt-token | Value: abcd1234 (Your token ID from the previous step)

  4. Within Postman, enter the GET Submission API endpoint and perform the request: {{projectUrl}}/{{formPath}}/submission/{{submissionId}}

    • You should receive the submission JSON within the body of the response

  5. Within the same request, change the Submission ID to the one noted for a different Physician and perform the request

    • You should receive an Unauthorized error within the response
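The Postman steps above as a repeatable check that also asserts the negative case (an added example, not Form.io's own code): `checkIsolation` logs in, then requests one assigned and one unassigned submission. The `user/login` path, the `{ data: { email, password } }` login body, the 401 status, the submission IDs and the in-memory `stubFetch` standing in for the project API are assumptions made so the example runs offline.

```javascript
// Added example, not Form.io code. stubFetch is a constructed stand-in for the project
// API so the check runs offline; pass the real fetch to exercise a live project.
// Constructed sample data: physician ids and two Patient submissions saved as references.
const PHYSICIANS = { 'joe@example.com': 'phys-joe', 'sally@example.com': 'phys-sally' };
const PATIENTS = {
  'sub-a': { patientName: 'A', physician: { _id: 'phys-joe' } },
  'sub-c': { patientName: 'C', physician: { _id: 'phys-sally' } },
};

// Stub (assumption): models "Read | Resource: Physician" by comparing the reference
// saved in the submission's physician field with the id of the authenticated caller.
async function stubFetch(url, opts = {}) {
  const headers = new Map();
  const reply = (status, body) => ({ status, headers, json: async () => body });
  if (opts.method === 'POST' && url.endsWith('/user/login')) {
    const { email, password } = JSON.parse(opts.body).data;
    if (!PHYSICIANS[email] || password !== 'abc123') return reply(401, 'Unauthorized');
    headers.set('x-jwt-token', `token:${PHYSICIANS[email]}`); // placeholder, not a real JWT
    return reply(200, {});
  }
  const sub = PATIENTS[url.split('/').pop()];
  const caller = ((opts.headers || {})['x-jwt-token'] || '').replace('token:', '');
  if (!sub) return reply(404, 'Not found');
  return sub.physician._id === caller ? reply(200, { data: sub }) : reply(401, 'Unauthorized');
}

// Log in, then GET one assigned and one unassigned submission and report both statuses.
async function checkIsolation(fetchImpl, cfg) {
  const login = await fetchImpl(`${cfg.projectUrl}/${cfg.loginPath}`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ data: { email: cfg.email, password: cfg.password } }),
  });
  const token = login.headers.get('x-jwt-token');
  if (login.status !== 200 || !token) throw new Error(`login failed: ${login.status}`);
  const get = (id) => fetchImpl(`${cfg.projectUrl}/${cfg.formPath}/submission/${id}`,
    { headers: { 'x-jwt-token': token } });
  const own = (await get(cfg.ownId)).status;
  const other = (await get(cfg.otherId)).status;
  return { own, other, isolated: own === 200 && other === 401 };
}

// Hypothetical configuration for the stub; replace every value for a real project.
const demoCfg = { projectUrl: 'https://example.invalid', loginPath: 'user/login',
  formPath: 'patient', email: 'joe@example.com', password: 'abc123',
  ownId: 'sub-a', otherId: 'sub-c' };
checkIsolation(stubFetch, demoCfg).then((r) => console.log(r));
```

Run the same check once per Physician, swapping `ownId` and `otherId`, so that both directions of the isolation are covered.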

These concepts will be applied to the Group Permissions workflow which is discussed in the next section.
