Documentation : Credentials

Groups

Group represents separate set of users. Users without group can't authorize in application. If you deploy an application without groups, you can't manage your users. By default you have 'users' group when you create a new application in Mobeelizer.

To create group you should go to 'Group & Roles' menu and next click 'New Group' button ...

then insert group name and click 'Save Changes' button.

You can also delete groups on the groups grid. When you do this all the roles connected with this group are also deleted. But remember - it doesn't mean that this changes are deployed automaticaly. If you want to see your changes in action, you should deploy current version to the test or production enviroment.

Device categories

One Mobeelizer application can be accesed by many diffrent entry-points - we call them device categories. They can be understood like kind or group of application client rather then one physical client (but it can be one physical client this kind). It can be used to separate platform dependent client like (iOS, Android, HTTP), but it hasn't and there can be one device category like default mobile. When you create your application you have 'mobile' device category by default.

To create device you should go to 'Group & Roles' menu and next click 'New Device category' button.

then insert device category name and click 'Save Changes' button.

You can also delete device category on the device categories grid. When you do this all roles connected with this device category are also deleted.

Roles

Role is an unique pair of group and device category. Every enabled role can be used to define separate credentials rules. You can enable and disable each role in your version. Role is created when you add new group or device category to your version by creation an unique pairs between new added element and every element on the second list.

Credentials for Models

Credential defines access to operations with particular model. Every enabled system role can have different credential for operations: read, create, update, delete, resolve conflict. Default credentials allows every role for every operation on every record.

To customize credentials for particular model you should go to edit this model and uncheck "use default" checkbox.

After this operation you could view configuration by every enabled role and click 'Change' button to change configuration to chosen role.

next you can customize credentials for chosen operations and click 'Save Changes' button.

There are five operations in system, which credentials could be changed:

  • read - permission to read records of this model
  • create - permission to create records of this model
  • update - permission to edit records of this model
  • delete - permission to remove records of this model
  • resolve conflicts - permission to resolve conflicts in records of this model

There are four levels of permissions:

  • all - all have permission to this operation
  • group - all users of group which user create record have permission to this operation
  • own - only user who create given record has permission to this operation
  • none - nobody has permission to this operation
Our SDK have to have all permission on 'create' operation to set logged user as owner of the record.

Credentials for Fields

Credentials can also be defined to every field separately. Every enabled system role can have different credential for operations on field: read, create and update. Default credentials allows every role for every operation on every record.

To customize credentials for particular field you should go to edit this field and uncheck "use default credentials" checkbox.

Operations on which credentails can be changed are:

  • read - permission to read this field
  • create - permission to set field value when creating new record
  • update - permission to update field value when editing existing record

Levels of permissions are the same as in model credentials (see above)

Field credentials are checked after model credentials. It means, that for example if model has 'read' credential set to 'user', then even if fields of this model has 'all' read credetails only records created by current user will be visible.

 


Attachments:

1.png (image/png)
2.png (image/png)
3.png (image/png)
4.png (image/png)
5.png (image/png)
6.png (image/png)
7.png (image/png)
credentialsToField.tiff (image/tiff)
credentialsToField.png (image/png)
3.png (image/png)
4.png (image/png)