Express Role Administration

Overview

The Express Role Administration page lets you create Express roles and set their hierarchy. To manage permissions, Unqork classifies users by roles and groups. You'll notice that roles differ from groups. Roles set what you can do. Groups (working together with the role hierarchy) determine what submissions you can see. You can use roles to regulate access to a module or component and to choose how users interact with data.

You'll manage users and roles separately for Express View and for Designer tools. Express User Administration, Express Role Administration, and Express Group Administration apply to Express users. These end-users are the ones interacting with your application on the front-end. You can also set up users and roles for the Designer side of Unqork. These Creator users and Creator roles let you manage who can edit your application. You'll set this up under Creator (User) Administration and Creator Role Administration.

What You'll Learn

In this article, you'll learn how to do the following for Express roles:

• Add a role and set role permissions.

• View active roles.

• Edit roles.

• Delete roles.

• Promote all roles.

Adding an Express Role

To manage module-level permissions in Express View, Unqork classifies Express users by roles and groups. Each Express user has an Express role. You can use roles to regulate access to a module or component and to choose how Express users interact with data. For example, will Express users with this role be able to write submissions, or have read-only access? The Add a Role feature lets you choose how your end-user interacts with your deployed application.

To add a new Express role:

1.

Click the Settings drop-down at the top right of the Unqork Designer Platform.

2.

Click Administration.

3.

Under Express Permissions, select Express Role Administration.

Express Role Details

1.

Enter the Role Name. Role Names are permanent.

2.

Enter the Role Description.

Express Role Permissions

There are a few ways to set up permissions for your Express role. Read through the following options and choose what works best for you:

1.

Select the parent for this Express role from the Choose role parent drop-down. The parent-child relationship defines the hierarchy in groups. The role you are creating is the child. The parent you select has access to modules and workflow the child’s role can access.

2.

Click Full Submission Access to give the Express role full access to all submission data. Full Submission Access supersedes role hierarchy, group membership, and field-level permissions. Please note that this setting will provide users with this role Write access to every submission in every application in the entire environment. Use with caution.

3.

From the drop-down, select the Choose Role Default Permission. Default permissions let you decide how this Express role interacts with data. (If the role has Full Submission Access, skip this step.)

Setting Groups

You can organize Express users into groups to limit or grant permissions to specific roles. Each group has a set of rules for its users. These rules outline what data a group member can see.

You can assign groups to an Express user, or you can assign groups to an Express role. When you assign a role to an Express user, the user is automatically included in that role's groups.

1.

Under the Groups section, you'll see the different groups in your platform. Click the checkbox next to the group(s) that you want for your role.

2.

Click the Add Role button.

With this finished, you can now assign Express users to this role. When adding a new Express user, choose the Express role from the Default Role drop-down.

NOTE  You can adjust permissions on modules and components through RBAC (role-based access control). Turn on Customize RBAC using the Module Builder Settings sidebar option. From there, you can adjust module-level and component-level permissions.

Viewing Active Express Roles

Once you add an Express role, it lives on the Active Roles list.

To view all active Express roles:

1.

Click the Settings drop-down at the top right of the Unqork Designer Platform.

2.

Click Administration.

3.

Under Express Permissions, select Express Role Administration.

4.

Under Active Roles, click the Express role you'd like to view.

When you select a role, the current settings show in the Express Role Administration fields at the top of the page. Read on for details on editing or deleting an Express role.

Editing an Express Role

While a role's name is permanent, you can change a role's description and permissions.

To edit an Express role:

1.

Click the Settings drop-down at the top right of the Unqork Designer Platform.

2.

Click Administration.

3.

Under Express Permissions, select Express Role Administration.

4.

Under Active Roles, click the Express role you'd like to edit.

5.

Make your changes to the role description and/or role permissions.

6.

Click Save Changes.

Deleting an Express Role

From time to time, you might clean up or refine your Active Roles list. A delete option makes this quick and easy.

To delete an Express role:

1.

Click the Settings drop-down at the top right of the Unqork Designer Platform.

2.

Click Administration.

3.

Under Express Permissions, select Express Role Administration.

4.

Under Active Roles, click the Express role you'd like to delete.

5.

Click the Delete link above the Active Roles list.

NOTE  Deleting a role is permanent. To make a deleted role available again, you'll need to re-add it.

Promoting All Express Roles

When promoting an application to the next environment, you must also promote roles. This applies to Express roles and Creator roles. Below, we'll cover the steps for promoting Express roles.

You can share roles between more than one application. Be mindful when promoting an application and all its features. Consider how promoting an Express role might affect other applications in the target environment.

NOTE  Promoting a role overwrites any previous versions in the target environment.

Environments in Unqork support each phase of building and rendering applications. Generally, we use 3 environments for each production customer.

Environment Stage	Description	Code-base
Client Staging	The Staging environment stage (sometimes called the Dev stage) is where Unqork creators do most of their critical work. This is where creators build applications, modules, API calls, and more. Client Staging is a non-production environment that hosts test content only. Features and bug fixes get released to Client Staging at the end of a sprint cycle (every two weeks). We host Staging internally at Unqork. Staging offers both a Designer and Express View interface.	Staging
UAT (User Acceptance Testing)	The UAT environment stage is where both Unqork and the client can view the latest build. This non-production environment hosts test content only, including checking API responses and setting up unit tests. As with Staging, we host UAT internally at Unqork. UAT offers both a Designer and Express View interface.	UAT
Production	This environment stage is the live application, the only environment that end-users can access. It is also the only environment stage to host live client data.	Production

NOTE  Some applications move through up to five environment stages. The two additional stages include dedicated QA (Quality Assurance) and Pre-production environments. QA environment stages use the UAT code-base. Pre-production environment stages use the Production code-base.

To promote all Express roles:

1.

Click the Settings drop-down at the top right of the Unqork Designer Platform.

2.

Click Administration.

3.

Under Express Permissions, select Express Role Administration.

4.

Click + Promote All Roles.

5.

Select a target environment from the Select a Target drop-down.

6.

Click Promote.

NOTE  The above instructions only apply if you're promoting all your active roles. To promote a single role or a few chosen roles, you must add each of them to the new environment. To do this, follow the instructions for adding an Express role.