Access Control (Authorization)
Authorization Overview
Once a user is authenticated into the Kinetic Platform, authorization determines what they’re allowed to see and do. This includes access to forms, submissions, workflows, APIs, and even parts of the admin console.
This section explains how authorization works, how to create and apply security policies, and how to use flexible logic to enforce the right access at the right time.
What is Authorization?
Authorization is the process of determining whether an authenticated user has permission to perform an action or access a resource.
Think of it this way:
- Authentication: “Who are you?”
- Authorization: “Are you allowed to do this?”
How Authorization Works in Kinetic
Authorization in Kinetic is powered by three key components:
- Security Policies
  - Define access control at the Form, Kapp, Space, or Workflow level
  - Govern visibility, modification, submission access, and more
- Security Definitions
  - Contain the logic behind each policy
  - Written in JavaScript, using user identity, submission values, team membership, and more
- Bindings
  - Context-specific variables like `identity('username')` or `values('Assigned Team')`
  - Used inside security definitions to create dynamic rules
Where Authorization Applies
| Area | Example |
|---|---|
| Forms | Only allow HR to submit onboarding forms |
| Submissions | Allow submitters to view only their own requests |
| Kapps | Hide entire form groups from non-admin users |
| Workflow Engine | Restrict who can execute API calls or modify data |
| Admin Console | Limit which users can manage teams or integrations |
Common Authorization Use Cases
- Show a form only if the user is on a specific team
- Allow updates to a submission only if it hasn’t been approved
- Restrict sensitive workflows to internal IP addresses
- Automatically block access after a user leaves a department
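
The submitter-only, team-based, and not-yet-approved rules described above, written as JavaScript rule functions in a local harness. This is an added example, not Kinetic Platform code: `makeBindings`, `evaluate`, the `'Requested By'` and `'Status'` field names, and the `identity('teams')` key are assumptions; only `identity('username')` and `values('Assigned Team')` appear on this page. It also shows why a rule should deny when a compared value is missing.

```javascript
// Added example: a local harness, not Kinetic Platform code.
// identity() and values() here are stand-ins that read constructed objects.
function makeBindings(user, submission) {
  const vals = (submission && submission.values) || {};
  return {
    identity: (key) => (user && key in user ? user[key] : null),
    values: (field) => (field in vals ? vals[field] : null),
  };
}

const definitions = {
  // Pitfall: two missing values compare equal, so a user with no username
  // matches a submission that has no 'Requested By' value.
  naiveSubmitterOnly: ({ identity, values }) =>
    identity('username') === values('Requested By'),
  // Hardened: require a real username before comparing.
  submitterOnly: ({ identity, values }) => {
    const me = identity('username');
    return typeof me === 'string' && me !== '' && me === values('Requested By');
  },
  // Team rule: the user must belong to the submission's assigned team.
  assignedTeamMember: ({ identity, values }) => {
    const teams = identity('teams'); // assumed: array of team names
    const assigned = values('Assigned Team');
    return Array.isArray(teams) && typeof assigned === 'string' &&
      teams.includes(assigned);
  },
  // State rule: updates allowed only while a known, unapproved status is set.
  notYetApproved: ({ values }) => {
    const status = values('Status');
    return typeof status === 'string' && status !== 'Approved';
  },
};

// Default deny: unknown rule, thrown error, or non-boolean result => false.
function evaluate(name, user, submission) {
  const known = Object.prototype.hasOwnProperty.call(definitions, name);
  if (!known) return false;
  try {
    return definitions[name](makeBindings(user, submission)) === true;
  } catch (err) {
    return false;
  }
}

// Constructed sample data.
const sampleUser = { username: 'alice', teams: ['HR'] };
const sampleSubmission = {
  values: { 'Requested By': 'alice', 'Assigned Team': 'HR', Status: 'Draft' },
};
```
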
What’s Next?
Explore the following pages to implement fine-grained control in your space: