Permissions by User Role
The Permissions by User Role functionality in Pragmatic allows defining the roles that users must have to access form instances. This is useful when restricting access to specific users with defined roles who need to view, enter data, or retrieve a list of instances.
Each form in Pragmatic must be associated with a workflow, which defines the states and transitions of form instances. For each state and mode within the workflow, it is possible to specify which user roles have access.
This configuration can be done in two ways:
- Option 1: At the level of each individual form from Pragmatic Studio, in the General section of a form.
- Option 2: At the workflow level, from the
config.jsonconfiguration file in Pragmatic Server.
Important Note
Permissions defined at the Pragmatic Server configuration level (Option 2) apply to a form only if no permissions are defined at the Pragmatic Studio level (Option 1).
Option 1: At the individual form level
Step 1
To define role-based permissions in a form, it must first be associated with a workflow. A workflow represents the process flow of instances of that form and consists of a set of states with specific actions.
Create a new form or select one from the list in Pragmatic Studio and go to the General section.
Step 2
Select a workflow from the list.
Once selected, a table will appear at the bottom displaying the different states of the workflow and the available modes for each.
Step 3
For each workflow state, the available modes define user roles with access. The modes determine what a user can do with an instance in that state according to the assigned permissions.
- Read-only mode: The user can view the information but cannot enter or modify data.
- Entry mode: The user can register and edit data.
To configure this, locate the state in the table after selecting a workflow and enter the roles that will have access to the instances in each state and mode.
In this example, under the “Initial” state of form instances, users with the “Client” role can access both the read-only and entry modes to add and edit data. Another case is the “Finalized” state, representing the final state of the instance, where only read-only mode is allowed. In the example, the same “Client” users are granted permission to view the data.
Finish by saving the changes by clicking the “Save” button.
Option 2: At the workflow level
It is also possible to define user role permissions through the config.json configuration file in Pragmatic Server.
Step 1
Access the config.json file located in Pragmatic Server.
Step 2
Locate the workflow definition property used in forms.
{
"STATE_MACHINE_CONFIG_ALTA_USUARIO": {
//...
"states": {
"__ini__": {
"entry": {
//...
"assignment": {
//...
"name": "Initial",
"security": [
{ "modo": "solo_lectura", "roles": [] },
{ "modo": "ingreso", "roles": [] }
]
}
}
//...
},
"PEN": {
"entry": {
//...
"assignment": {
//...
"name": "Pending",
"security": [
{ "modo": "solo_lectura", "roles": [] },
{ "modo": "ingreso", "roles": [] }
]
}
}
//...
}
//...
}
}
}Step 3
To define user role permissions for each workflow state, edit the roles property within the security property in the config.json file. Add the user roles that will have access to the form instances in that state.
Example configuration:
{
"STATE_MACHINE_CONFIG_ALTA_USUARIO": {
//...
"states": {
"__ini__": {
"entry": {
//...
"assignment": {
//...
"name": "Initial",
"security": [
{ "modo": "solo_lectura", "roles": ["rol-client-user"] },
{ "modo": "ingreso", "roles": ["rol-rh-user"] }
]
}
}
//...
}
//...
}
}
}This means that unless the form has a role permission configuration in Pragmatic Studio (Option 1), access to form instances will be determined by this configuration file.
In the example from Option 2, users with the rol-client-user role would only have read-only access to instances in the “Initial” state, while users with the rol-rh-user role could view and enter data.
Finish by saving the changes in the config.json file and reloading the server.