How do I set permissions for my app?
- From your app's dashboard, click on the name of your app in the top left corner of the screen.
- Select Permissions from the dropdown.
From here you will be able to configure permissions for users that should have access to your app. This page and the permissions settings are divided into a few different categories. Below is a description of the types of roles found on the Permissions page that you may want to consider as you're sharing your app:
Administrators
App Administrators include anyone that should have access to edit, update, or delete the app or its associated documents. Users can be added individually, by group, or by role. Groups and roles are created by your system administrator in the Kuali Groups area (see Create and Manage Groups and Create and Manage Roles).
If a group is given app administrator permissions, anyone that is part of that group will have all of the permissions you select here.
If a role is given app administrator permissions, anyone assigned to that role will have all of the permissions you select here.
All Authenticated Users
The permissions you configure in the "All Authenticated Users" section will apply to ALL users who are able to log in successfully to the system. Generally, the only permission you would select here is to allow users to "Create documents in this app," but this depends on the needs of your application.
All Anonymous Users
Anonymous Users in Kuali Build refers to any user that is unable to log in to the system. It is possible for you to share Kuali Build apps and forms with unauthenticated users, and the "All Anonymous Users" section on the Permissions page is where you give them access to create and submit forms in your app. This will also automatically select the ‘allow anonymous submissions’ option in the Form share link so an anonymous sharing link is available.
Add New Role
While configuring permissions, you will notice that at the bottom of the page is the ability to "Add New Role." If there is a unique subgroup of people that should have permissions different from your App Administrators, Authenticated Users, or Anonymous Users, you may need to create a new role.
Creating a new role will allow you to configure the permissions for this audience just as you did with the other types of users (see screenshot below). You can also add specific users, groups, or system roles to this app permissions role.
Note: A newly created role from an App Permissions page is only created for that app specifically. It does not create a new role in the Kuali Groups area. To create a new role that is available system-wide, you will want to have your system administrator create it in the Kuali Groups area.
What permissions are available?
App permissions has several different permission options available that allows you to customize your user experience. Below is a list of each permission and its description:
- Administer, design, and publish this app: This gives the user the ability to make edits to and publish a given app. It also gives the user the ability to delete an entire app.
- Create documents in this app: This allows the user to complete a form in an app. (Reminder: Completed forms in Kuali Build are called Documents). Usually this is the permission you want to extend to any end user that you want to fill out a form.
- Read documents in this app: This permission gives a user access to read any documents (completed forms) for a given app. It also gives the user access to the Document List.
- Update documents in this app: This allows the user to make changes to any completed fields in a document (a submitted form).
- Delete documents in this app: This allows the user to delete any documents (submitted form) in an app.
How do I give app access to large groups of people?
While individuals and small groups of people can be given access to apps using the Groups and Roles functionality, at times you may find it necessary to give large groups of people (800+) access to forms. For example, you may want to make a form available for all faculty on campus but not students. Rather than using the Kuali Build Group functionality to give these permissions, we recommend using the Affiliations permission option (See Large Group Support (Affiliations) for more information).
Please note, within Affiliation options in permissions you will see the '<affiliation name> *all*' as an option. Each affiliation is stored as a role/organization pairing since some customers utilize multiple Organizations for their users - like the below:
eduPersonAffiliation=member;eduPersonOrgDN=main_campus
For example, "Student:OahuCampus" or "Faculty:MainCampus". In some of those cases, you may all "Faculty:*" to submit documents, regardless of their organization. That's the (*all*) part of that the affiliation options. However, if your institution doesn't utilize multiple organizations it won't pertain to your set up and can be ignored.
Comments
0 comments
Please sign in to leave a comment.