Skip to main content
Kinetic Community

Security Definitions

Overview

Add Security with KSL to different parts of Kinetic Core and related Kapps.

Definitions

All Security Policy Definitions are listed on the main Definitions page.

From this page you can either add a new definition (+Add Definition button) or click the pencil icon on the far right to edit.

Create/Edit Policy Definitions

Each policy definition requires four pieces of information.

Name. Descriptive name of the definition.

Type. Choice defines how the definition is applied. Choices are Form, Submission and Kapp.

Form limits access to complete the form for creating entries.

Submission limits access to the submitted answers.

Kapp - limits access to consoles within the Kapp.

Message. Displayed message if the authenticated user does not have access.

Rule. javascript representation of the rule.

Remove Policy Rules

To select a specific policy definition rule:

  1. Click the pencil icon to open the rule in edit mode
  2. Click Delete in bottom left corner
  3. Click Delete from the confirmation dialog

Only one rule can be removed at a time.


Policy Rule Examples

Restricting Setup Console Access

An organization may want to allow some people to create and edit forms, but not allow those same people to manage the Kapp settings (the Setup Console).  This can be accomplished via Policy Definitions and applying the correct permissions.  Only a user that has Kapp Modification or Space Admin permissions can perform these steps.

1. Add a policy definition.  In this example we will do this based off a User Attribute called "Groups" and only allow those users who have an entry called "Form Admin" in their list of groups.

2. Update the security settings for the Kapp.  In this situation we will allow those that pass the "Form Admin" policy we created in step one to manage forms.  Note that the 

3. Verify your user has the correct permissions.  In this example Fred has both Form Admin and Support group attributes.

4. Verify that your user can access the forms.  In this situation Fred can see and edit the forms.  

However, when Fred tries to modify items on the setup console he gets an error that this is restricted.

4. Restrict access to individual forms.  At this point, Fred can manage all forms in the Kapp.  However, your organization may want to further restrict some forms to someone with a higher level of security (an Admin for instance).  In this situation we are restricting our "Employee Directory" form to only admins.

Now Fred will no longer see this form in his list of forms that he can manage.

 

Restricting Access Based on LDAP groups

The following article also gives some examples based on LDAP Groups.

 

 

Using Kinetic Security Language for Authorization
Learn how Kinetic Request Core Edition goes beyond conventional role based policies for authorization using Kinetic Security Language (KSL) to build advanced authorization rules.
Form Description
Overview and other consoles containing detailed information about the Form
Kapp Setup Security
Using Identity and LDAP Groups
Getting Started with KSL
The Kinetic Security Language (KSL) is a strategy for defining and managing access control.  At a high level, KSL uses the same technology as the task handler parameters and connectors in order to determine whether a request should be allowed or denied.  Kinetic Task 3.0 leverages KSL to restrict API access, however usage of KSL will grow to be used in many other areas in both Kinetic Task and other Kinetic products.
Getting Started with KSL
The Kinetic Security Language (KSL) is a strategy for defining and managing access control.  At a high level, KSL uses the same technology as the task handler parameters and connectors in order to determine whether a request should be allowed or denied.  Kinetic Task 3.0 leverages KSL to restrict API access, however usage of KSL will grow to be used in many other areas in both Kinetic Task and other Kinetic products.
Getting Started with KSL
The Kinetic Security Language (KSL) is a strategy for defining and managing access control.  At a high level, KSL uses the same technology as the task handler parameters and connectors in order to determine whether a request should be allowed or denied.  Kinetic Task 3.0 leverages KSL to restrict API access, however usage of KSL will grow to be used in many other areas in both Kinetic Task and other Kinetic products.