Module-Level Role-Based Access Control (RBAC)

Module-Level RBAC (Role-Based Access Control) defines a set of access permissions for each role. Doing so determines what end-users can do in a module. In Unqork, an end-user’s role defines their access to a module and let you assign specific permissions to individual modules. For example, you can provide an end-user with full access to one module while granting read-only access to another.

Below are some scenarios where you’d use module-level RBAC:

  • When you want the Authenticated role, with read-only access, to have write permissions for a module.

  • When you want to allow Anonymous, or Unauthenticated, users to view your module.

Use the Module Builder Settings to choose how your module interacts with API calls and end-users.

To access the Module Builder Settings:

1. Open your module in the Module Builder.
2. At the top right of the page, click the (ellipsis).
3. Select Module Settings.
4. From the left side menu, click User Permissions to view the RBAC settings.

A static image displaying module RBAC settings

Module-level RBAC is unique because you can change a role's permissions in a module. Changes to permissions only impact that module.

By default, the Customize RBAC for This Module setting is set to  (ON). This setting displays all the roles and permissions in your module. By default, each role permission is set to Inherit. Inherit means that the role's access in this module is the same as your environment.

Below are the available permissions for each role:

Permission

Description

Inherit

Inherit means that the role's access in this module is the same as the environmental level. Meaning, you've inherited the permissions from the environment-level RBAC.

No Access

End-users have no access to the application.

Read-Only

End-users can view the module but cannot write or engage with it.

Write

End-users have full access to write and engage with the module.

The Effective Permissions column displays the active permission for the role. If the Effective Permission is Inherit, it inherits that role permission from the environment level. The Effective Permissions column displays any change you make to your module permissions.

Below are the default Effective Permissions by role:

Role Description

Administrator

By default, the Administrator role has an Effective Permission of Write. This permission gives the Administrator users full access to write and engage with the module.

Authenticated

By default, the Authenticated role has an Effective Permission of Read-Only. This permission lets Authenticated users only view the module. They do not have permission to write or engage with it.

For this example, let's change the Authenticated user permissions. By default, Authenticated users have Inherit permissions. Let's change the permission to Write.

To change default RBAC settings for your module:

1. Open your module in the Module Builder.
2. At the top right of the page, click the (ellipsis).
3. Select Module Settings.
4. From the left side menu, click User Permissions.
5. In the table, navigate to the Authenticated role.
6. From the Permission drop-down, select Write .

The Effective Permission and Inherited From columns change to reflect the role's new permission.×

A static image displaying the changes that can be done on module based RBAC.

7. Click Save & Close.

Anonymous end-users are not registered in Unqork. Enabling the Allow Access to Anonymous Users setting in the Module Builder Settings gives unauthenticated end-users access to your modules without having to login.

If you change the Anonymous role's permissions to Read-Only or Write, end-users are provided a temporary token. Using this token, they can view your module in Express View. For this example, let's enable Anonymous access and change the permissions to Read-Only.

To enable Anonymous access to unauthenticated end-users:

1. Open your module in the Module Builder.
2. At the top right of the page, click the (ellipsis).
3. Select Module Settings.
4. From the left side menu, click User Permissions.
5. Set Allow Access to Anonymous Users to  (ON). An Anonymous role displays in the table.
6. From the Permission drop-down, select Read-Only .

A static image displaying anonymous user settings

7. Click Save & Close.

If you have a workflow and want to grant access to Anonymous end-users, set up your module and add it to an Anonymous swimlane in the Workflow Builder. When an Anonymous end-user accesses the workflow, they can view it in Express View without logging in.

Use the Allow Access to Anonymous Users setting wisely. Once enabled, non-administrative users have higher privileges in your module.×