Attributes and Security
The last two values that are added to Forms are Attributes and Security Policies. They are different in structure, but both are connected by their attachment to the Form.
The goals for the article are:
- Learn to create Attribute Definitions
- Learn to apply Attribute values
- Learn to create Security Policies
- Learn to apply Security Policies
Attributes are "extra" pieces of data added to Forms, kapps, and other elements in Request. They are used by the bundle, workflow, and other processes. Besides Forms, they are most often used to add information to User records.
Each attribute added to any element needs to have a definition. In the Request consoles there are two places to define the Attribute Definitions. Under Space, you create the Attribute Definitions for the Space, User, User Profile, Team, and Datastore Forms. In any other Kapp you set the Attribute Definitions for the Kapp, Category, and Form. Here are examples of the two Attribute Definition consoles.
To add an Attribute Definition, just click the Add Definition button and give it a name, a description (optional but a really good idea) and decide if it can have multiple values.
Whichever tab (Kapp, Category, or From) is selected when you click the Add Definition button is where the new definition is applied.
Now that you have a definition, you can add attribute values to your element (a Form in this case).
Here's an example of the Attributes tab for the example we have been using:
Select the Attribute Definition from the dropdown list, and add a value. After adding the value, make sure and click the Update Form button.
Other Attribute Options
As you can see in the Attribute Definitions section, there are a number of other places you can use attributes.
Kapp Attributes are under the Settings console, and are often used with workflow.
Category Attributes are set on the Category Definitions console and are normally used with the bundle and presentation.
Space attributes are used with the different User and Team consoles. They are used mainly for security and presentation (manager name, department, etc).
Like Attributes, Security Definitions are first defined and then used in specific places. In this case, they are used for Form display and maintenance.
The Security Definitions console is used to determine the specific rule applied when someone tries to use (display, gain access to, or create/change) a specific element in Request.
Security Definitions are available for the Space and for each kapp.
The following types are available from the Space, Datastore Form, Datastore Submission, Team, User, and Space.
The following Types are available within the kapps, Form, Submission, and kapp.
To create a new Security Definition, click the 'Add Definition' button on the top right of the console.
Each Security Definition has the following parts (all are required):
- Name - descriptive name shown on the dropdown lists
- Type - what part of Request should the definition apply to and what dropdown list should it show on
- Message - what is shown to the user if they do not pass the rule
Apply Security Definitions
While Form security is the main place that Security Definitions are used, they are used for the Kapp and Space.
Settings for Security definitions is found on the Settings console.
Security for the Space includes
- Display of the Space
- User access, creation, and modification
- Team access, creation, and modification
- Discussion Creation
- Setup a trusted Domain (often used for development)
- Trusted Frame Domain (used for Frame access)
Security for the Kapp is found on the Settings tab.
Security for the Kapp includes:
- Kapp display and modification
- Form Display, Creation, and Modification
- Submission Display, Creation, and Modification
Some of the selections are labeled as Default, this means that they are applied if no selection is made at the Form level.
Because access to Forms is directly related to customer actions in the front-end, it's the place that is mostly likely to change. Space and Kapp security is normally set once and then left alone. Form security can be different per form, and can change during a Form lifecycle.
Security for a Form includes:
- Form Display and Modification
- Submission Display and Modification
If no security definition is selected,
There is also an option for the Form to be Anonymous. If it is set to No, any authenticated information about the user is included with a Submission. If set to Yes, the Form is submitted with no information about the User.
Example with selected security definitions:
In the Next Article
The next article covers the remaining consoles related to Forms. After this, we move to Workflow.
Updated over 1 year ago