Skip to main content
Kinetic Community

Security Definitions

Overview

How to configure and implement security rules.

Form Security

Form security is the process of applying Security Definitions to specific aspects of a Form. These are the default settings for a Form when created:

form_security_request.png

Cloning a form provides the options from the source form.

Options on this console:

Anonymous? - options [Yes, No (default)], determines if Customer data is collected on the submission. Yes means no data collected (submitted as anonymous). No means the system will attempt to collect data if the User was Authenticated.

Form Display - Determines if the user can see and have access to the form

Form Modification - Able to make changes to the Form in the Form builder

Submission Access - Able to see submissions

Submission Modification - Able to make changes to submissions

If no option is selected, the default for the Kapp is applied.

kapp_security_request.png

Kapp Settings:

Kapp Display - display the portal for the Kapp

Kapp Modification - allow modification for the Kapp

Form Creation - Abiltiy to create new forms

Submission Support - Special group for the Submission Support group in kinops

The options in the drop-down list for Form and Submission are created on the Security Definition console.

Security Definitions

The Security Definitions console is used to determine the specific rule applied when someone tries to us a specific option in Request, like view a Submission.

Each Security Definition has the following parts (all are required):

Name - descriptive name shown on the drop-down lists

Type - [Form, Kapp (default), Submission] - what part of Request should the definition apply to and what drop-down list should it show on

Message - what is shown to the user if they do not pass the rule

Rule - javascript expression that is evaluated to True or False

To create a new Security Definition, click the 'Add Definition' button on the top right of the console.

security_definition_new_request.png

Here is an example of a completed definition:

security_definition_complete_request.png

The most important piece of the definition is the rule. It must use javascript and must resolve to either True or False. You can use a lot of the domain values of forms or users to test the rules. The easiest example is Authenticated Users definition. The Rule is identity('authenticated'). Another option:

identity('username') - use values from the User object