Module-Level Role-Based Access Control (RBAC)
Overview
Module-Level RBAC (Role-Based Access Control) defines a set of access permissions for each role. Doing so determines what end-users End-users, also known as Express Users, are the individuals accessing an application through Express View. In most cases, end-users are the customers using the product. can do in a module. In Unqork, an end-user’s role defines their access to a module and let you assign specific permissions to individual modules. For example, you can provide an end-user with full access to one module while granting read-only access to another.
Below are some scenarios where you’d use module-level RBAC RBAC (Role-Based Access Control) is a method to control system access for authorized users. The role in RBAC refers to the levels of access employees have to a network.:
-
When you want the Authenticated role, with read-only access, to have write permissions for a module.
-
When you want to allow Anonymous, or Unauthenticated, users to view your module.
Accessing Module Builder Settings
Use the Module Builder Settings to choose how your module interacts with API APIs (application programming interfaces) are a set of protocols and definitions developers use to build and integrate application software. APIs act as the connective tissue between products and services. calls and end-users.
To access the Module Builder Settings:
| 1. | Open your module in the Module Builder. |
| 2. | At the top right of the page, click the (ellipsis). |
| 3. | Select Module Settings. |
| 4. | From the left side menu, click User Permissions to view the RBAC settings. |
How Module-Level RBAC Works
Module-level RBAC is unique because you can change a role's permissions in a module. Changes to permissions only impact that module.
By default, the Customize RBAC for This Module setting is set to (ON). This setting displays all the roles and permissions in your module. By default, each role permission is set to Inherit. Inherit means that the role's access in this module is the same as your environment.
Below are the available permissions for each role:
|
Permission |
Description |
|---|---|
|
Inherit |
Inherit means that the role's access in this module is the same as the environmental level. Meaning, you've inherited the permissions from the environment-level RBAC. |
|
No Access |
End-users have no access to the application. |
|
Read-Only |
End-users can view the module but cannot write or engage with it. |
|
Write |
End-users have full access to write and engage with the module. |
The Effective Permissions column displays the active permission for the role. If the Effective Permission is Inherit, it inherits that role permission from the environment level. The Effective Permissions column displays any change you make to your module permissions.
Below are the default Effective Permissions by role:
| Role | Description |
|---|---|
|
Administrator |
By default, the Administrator role has an Effective Permission of Write. This permission gives the Administrator users full access to write and engage with the module. |
|
Authenticated |
By default, the Authenticated role has an Effective Permission of Read-Only. This permission lets Authenticated users only view the module. They do not have permission to write or engage with it. |
Changing Module RBAC
For this example, let's change the Authenticated user permissions. By default, Authenticated users have Inherit permissions. Let's change the permission to Write.
To change default RBAC settings for your module:
| 1. | Open your module in the Module Builder. |
| 2. | At the top right of the page, click the (ellipsis). |
| 3. | Select Module Settings. |
| 4. | From the left side menu, click User Permissions. |
| 5. | In the table, navigate to the Authenticated role. |
| 6. | From the Permission drop-down, select Write . |
The Effective Permission and Inherited From columns change to reflect the role's new permission.
| 7. | Click Save & Close. |
Anonymous Access
Anonymous end-users are not registered in Unqork. Enabling the Allow Access to Anonymous Users setting in the Module Builder Settings gives unauthenticated end-users access to your modules without having to login.
If you change the Anonymous role's permissions to Read-Only or Write, end-users are provided a temporary token. Using this token, they can view your module in Express View Express View is how your end-user views your application. Express View also lets you preview your applications to test your configuration and view the styling. This is also the view your end-users will see when interacting with your application. After configuring a module, click Preview in the Module Builder to interact with the module in Express View.. For this example, let's enable Anonymous access and change the permissions to Read-Only.
To enable Anonymous access to unauthenticated end-users:
| 1. | Open your module in the Module Builder. |
| 2. | At the top right of the page, click the (ellipsis). |
| 3. | Select Module Settings. |
| 4. | From the left side menu, click User Permissions. |
| 5. | Set Allow Access to Anonymous Users to (ON). An Anonymous role displays in the table. |
| 6. | From the Permission drop-down, select Read-Only . |
| 7. | Click Save & Close. |
If you have a workflow and want to grant access to Anonymous end-users, set up your module and add it to an Anonymous swimlane in the Workflow Builder. When an Anonymous end-user accesses the workflow, they can view it in Express View Express View is how your end-user views your application. Express View also lets you preview your applications to test your configuration and view the styling. This is also the view your end-users will see when interacting with your application. After configuring a module, click Preview in the Module Builder to interact with the module in Express View. without logging in.
Use the Allow Access to Anonymous Users setting wisely. Once enabled, non-administrative users have higher privileges in your module.
Resources
