Role-based Access Control in Enterprise Apps
Enterprise database apps are increasing in prevalence due to their advantages for enabling access to—and easy management of—the ever-growing amount of critical data business users need to work with on a day-to-day basis. Unlike other types of business productivity apps, database apps must include measures for managing different levels of user access to maintain the security and integrity of the enterprise data they expose.
This can include managing read-only and editing access rights or restrictions on access to certain types of data. While it is essential to ensure that only authorized personnel have access to confidential data, levels of permissions often vary throughout an organization. Apps built using Altova RecordsManager include comprehensive tools for managing role-based access to database data that can reflect these complicated relationships that exist within an organization.
Let’s take a look at how RecordsManager makes it easy for app administrators to manage complex role-based permissions with visual tools.
Starting with Authentication
Authentication is the first step to providing secure access to your enterprise app, both by preventing unauthorized access and, when combined with role-based access, only giving authorized users access to data and actions permitted by their role once they log in.
RecordsManager offers two ways to configure authentication. For apps with a small number of users, each can be entered manually via the Manage Users tab (described below) and assigned a password. For enterprise apps with numerous end users, RecordsManager apps can be configured with directory services to import users from the organization’s existing LDAP or Active Directory servers. This removes the need to manually enter user data and enables users to log into the app using their corporate LDAP or Active Directory username and password. User roles can then be assigned as described in the next section.
Enabling Role-based Access Control in an App
In addition to authenticating users prior to app access, using role-based access control is a great way to increase security in a database app. Role-based access control restricts access to different parts of the database, or different activities within the database (read, edit, save, approve, etc.), based on assigned user roles. This is a more efficient approach than assigning distinct permissions on a user-by-user basis.
This approach assigns users to different roles based on their job functions, and access privileges are granted accordingly. For example, in a contract management app, paralegals may have access to search for contracts and update only certain fields, while attorneys may have read/write access to all records and fields. In an HR app, all employees may have access to coworkers’ titles and contact information while only HR team members can access this plus salary and benefit information. This approach ensures that users have access only to the data they need to perform their job functions while reducing the risk of unauthorized access to sensitive information.
Since it is a no-code app development solution, RecordsManager takes a purely visual, easy to understand approach to configuring role-based access. When creating an app in RecordsManager, the administrator selects the Manage Users tab to add users and define permissions.
On this tab there are three functions:
- Add or edit app users
- Define roles and respective permissions
- Create user groups to determine which users receive which alerts from the app
You can define as many or as few users, roles, and user groups as are required by your particular app. When adding a new user or editing details for an existing user, it’s easy to assign the relevant roles.
To save time, you can also assign multiple users to a role via the roles tab.
Define Roles and Permissions
You can define any number of roles in a RecordsManager app, each of which can have access to different forms (used for viewing data, data entry, etc.) within the database app.
The Data access tab in the Roles dialog allows you to further refine viewing and editing rights for each role using predefined filters designated on each data container.
For maximum flexibility, role access can also be designated in the properties of the form itself; changes made there will then be reflected on the Forms tab of the Roles dialog.
This approach to role-based access control makes it easy to precisely control which records and fields users can access and/or edit.
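To make the model concrete, here is an added example of how per-form rights, field-level editing restrictions and data-container filters combine under role-based access control. It is illustrative code written for this article, not RecordsManager's own code or API; the role names, form names, the `record_filter` predicate and the sample contract records are all constructed. Rights are deny-by-default, and a user holding several roles gets the union of what those roles grant.

```python
"""Hypothetical role-based access model (added illustration, not RecordsManager code).
Each role grants per-form view/edit rights, an optional whitelist of editable
fields, and an optional record filter standing in for a data-container filter.
A user's effective rights are the union of their roles' rights; anything not
explicitly granted is denied."""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Optional

Record = Dict[str, object]


@dataclass(frozen=True)
class FormAccess:
    can_view: bool = False
    can_edit: bool = False
    # None means every field is editable when can_edit is True.
    editable_fields: Optional[FrozenSet[str]] = None


@dataclass
class Role:
    name: str
    forms: Dict[str, FormAccess] = field(default_factory=dict)
    # None means no row restriction; otherwise only matching records are shown.
    record_filter: Optional[Callable[[Record], bool]] = None


@dataclass
class User:
    name: str
    roles: List[Role]


def can_view(user: User, form: str) -> bool:
    """Deny by default: a form is visible only if some role grants view on it."""
    return any(role.forms.get(form, FormAccess()).can_view for role in user.roles)


def can_edit_field(user: User, form: str, field_name: str) -> bool:
    """True if any role grants edit on the form and does not exclude the field."""
    for role in user.roles:
        access = role.forms.get(form)
        if access is None or not access.can_edit:
            continue
        if access.editable_fields is None or field_name in access.editable_fields:
            return True
    return False


def visible_records(user: User, form: str, records: List[Record]) -> List[Record]:
    """Apply each viewing role's record filter; a record is shown if any role admits it."""
    shown = []
    for rec in records:
        for role in user.roles:
            access = role.forms.get(form)
            if access is None or not access.can_view:
                continue
            if role.record_filter is None or role.record_filter(rec):
                shown.append(rec)
                break
    return shown


# --- Constructed sample roles and data (contract-management scenario) -------
PARALEGAL = Role(
    "Paralegal",
    forms={"Contracts": FormAccess(can_view=True, can_edit=True,
                                   editable_fields=frozenset({"status", "notes"}))},
    # Container filter: paralegals only see contracts still in progress.
    record_filter=lambda rec: rec["status"] != "executed",
)
ATTORNEY = Role(
    "Attorney",
    forms={"Contracts": FormAccess(can_view=True, can_edit=True),
           "Billing": FormAccess(can_view=True)},
)

SAMPLE_CONTRACTS: List[Record] = [
    {"id": 1, "status": "draft", "counterparty": "Acme", "value": 10000},
    {"id": 2, "status": "executed", "counterparty": "Globex", "value": 250000},
    {"id": 3, "status": "review", "counterparty": "Initech", "value": 42000},
]

carol = User("carol", [PARALEGAL])
alice = User("alice", [ATTORNEY])


def visible_ids(user: User) -> List[int]:
    """Convenience: ids of the contracts a user may see on the Contracts form."""
    return [rec["id"] for rec in visible_records(user, "Contracts", SAMPLE_CONTRACTS)]


if __name__ == "__main__":
    for user in (carol, alice):
        print(user.name, "sees", visible_ids(user),
              "| can edit value:", can_edit_field(user, "Contracts", "value"),
              "| can view Billing:", can_view(user, "Billing"))
```

The two checks an app should always make are visible here: a form or field that no role mentions is inaccessible rather than accidentally open, and the record filter is applied per role, so adding a broader role to a user widens what they see without any per-user configuration.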
Define User Groups
User groups can be created in RecordsManager and are comprised of individual users and/or roles. These groups make it easy to customize the sending of alerts (reminders, notifications, etc.) based on a variety of criteria. For instance, in a contract management app, a user group comprised of department heads may receive an alert to review a new contract once it’s saved in the database.
User groups can be hierarchical to accommodate scenarios where users belong to multiple groups (e.g., office location, department, management team, cross-functional team, etc.). Hierarchical user groups help make group assignments more efficient by removing the need to assign each user individually to all their groups.
Defining user groups this way in turn allows for finely targeted reminder emails, for example, to group leads across different teams.
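As an added example of the hierarchical user groups described above (illustrative code written for this article, not RecordsManager's own), the following resolves an alert's recipients from a group that is built from individual users, roles and nested child groups. The user directory, group names and event names are constructed; the cycle between `legal` and `legal-leads` is included deliberately to show that a group hierarchy should be expanded with a visited set so a misconfigured hierarchy cannot loop and each user is alerted only once.

```python
"""Hypothetical hierarchical user-group model for alert routing (added
illustration, not RecordsManager code). A group lists users directly, roles
(every user holding one of them is a member), and child groups. Resolving a
group walks the hierarchy once, so a user reachable through several groups
is alerted once and a cyclic group definition cannot loop."""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class User:
    name: str
    email: str
    roles: Set[str] = field(default_factory=set)


@dataclass
class Group:
    name: str
    users: Set[str] = field(default_factory=set)      # member user names
    roles: Set[str] = field(default_factory=set)      # member roles
    subgroups: Set[str] = field(default_factory=set)  # child group names


def resolve_members(group_name: str, groups: Dict[str, Group],
                    users: Dict[str, User]) -> Set[str]:
    """Flatten a group and all of its descendants into a set of user names."""
    members: Set[str] = set()
    visited: Set[str] = set()
    pending = [group_name]
    while pending:
        name = pending.pop()
        if name in visited:          # already expanded; this also breaks cycles
            continue
        visited.add(name)
        group = groups[name]
        members |= {u for u in group.users if u in users}
        members |= {u.name for u in users.values() if u.roles & group.roles}
        pending.extend(group.subgroups)
    return members


def alert_recipients(event: str, routing: Dict[str, str],
                     groups: Dict[str, Group], users: Dict[str, User]) -> List[str]:
    """Return the sorted e-mail addresses of everyone the event's group resolves to."""
    group_name = routing.get(event)
    if group_name is None:
        return []                    # an unrouted event alerts nobody
    return sorted(users[u].email for u in resolve_members(group_name, groups, users))


# --- Constructed sample directory ------------------------------------------
USERS = {u.name: u for u in [
    User("alice", "alice@example.com", {"attorney", "department-head"}),
    User("bob", "bob@example.com", {"sales", "department-head"}),
    User("carol", "carol@example.com", {"paralegal"}),
    User("dave", "dave@example.com", {"ceo"}),
]}

GROUPS = {g.name: g for g in [
    # Membership by role: whoever holds department-head, with no per-user assignment.
    Group("department-heads", roles={"department-head"}),
    # Management is the CEO plus everything under department-heads.
    Group("management", users={"dave"}, subgroups={"department-heads"}),
    # A deliberate cycle: legal -> legal-leads -> legal.
    Group("legal", users={"alice", "carol"}, subgroups={"legal-leads"}),
    Group("legal-leads", users={"alice"}, subgroups={"legal"}),
]}

ROUTING = {
    "contract.saved": "management",   # department heads review each new contract
    "contract.due": "legal",
}

if __name__ == "__main__":
    for event in ROUTING:
        print(event, "->", alert_recipients(event, ROUTING, GROUPS, USERS))
```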
Managing user access in enterprise database applications is a critical aspect of maintaining the security and integrity of sensitive information. RecordsManager offers an easy, visual way to define granular role-based access in database apps.
Altova RecordsManager is a free, pre-built MobileTogether solution that is available for you to start using when you install MobileTogether Designer. Download and install the free Altova MobileTogether Designer to get started on your first no-code app.