Restrict Access to Digitise apps
Digitise Apps allows you to restrict access to the Digitise mobile apps that you create. You can grant permission to use each of your apps to individual users or devices or groups of users and you can also configure by application version number, e.g. when producing an update you may want to limit who has access to the update until testing has been completed.
In addition, you can also specify whether a version of an app should be automatically downloaded to users or they should be able to choose whether to download it or not. For example, this can be useful to automatically download a new app to all the relevant users but allow later upgrades to be optional.
- The automatic download options are not relevant for user iOS devices, where new and updated versions of your Digitise apps have to be downloaded as Standalone Apps. The options can be used on development iOS devices though. You can, however, use the access control options to restrict access to your Digitise apps on all iOS devices.
In Digitise there are four possible types of user:
- Anonymous User - A built-in username (i.e. "anonymous") that is used where the actual identity of the user is of no concern. No password is required.
- Windows Authenticated User.
- Digitise Apps User – Created within App Manager, the scope of these users is only within your Digitise Apps environment.
- OAuth User - A user who will sign in to Digitise Apps using Google OAuth. For additional information about OAuth users see: Log In Using Google OAuth Authentication.
- In addition to restricting access to downloading your Digitise apps, users are also checked when attempting to download or upload data within Digitise apps. App Server will only allow the data movement if the user has permission to use that app.
Granting and restricting access is done within App Manager on an app basis using the Access Control list found under each individual app within the Application category.
Within the Application category, you will see a list of all your published apps in the left-hand pane. Click on the Properties tab, if not already selected, and then choose an app in the left-hand pane to display the Properties for that app on the right. Each app has its own Access Control list within its Properties.
The Access Control lists work in conjunction with the default user and device access settings located immediately above the list. These options apply to all users and devices that aren't explicitly entered into the Access Control list and provide the permission level – either Allow or Deny – for the currently selected item. Any users or devices that you don't want to be granted these default permissions, must be entered into the Access Control list.
-
The default User and Device access options work in combination. If you want to limit access to particular users, you will need to set the default User Access option to Deny but the default Device Access to Allow. Likewise, if you want to limit access to particular devices, you will need to set the default Device Access option to Deny but the default User Access to Allow. If you want to restrict access to particular users and particular devices, both default User Access and Device Access options must be set to Deny. You can then add the appropriate users and/or devices into the Access Control list and give them Allowed access permissions.
If you want to deny access to particular users and/or devices, follow the opposite procedure.
If you set both default values to Deny, in order to allow a user access, you would need to add both the user and their device into the Access Control List which would automatically set them to Allow.
To configure an Access Control list:
To add a Digitise Apps User, OAuth user or a device to the Access Control list, click the Add… button below the list.
This will display a dialog box listing all Digitise Apps Users, OAuth users, Groups and devices registered with the system. You can select one or more items from this list in the usual way, and then click on the OK button to add your selected items to the Access Control list. You can filter the items displayed using the check boxes at the top of the dialog box.
To add a Windows/Active Directory user or group, choose the Add Object… button. This will display the standard Windows' browse dialog box allowing you to select the required user(s) and/or group(s). Click on the OK button to add them to your Access Control list. Any users you add in this way will automatically be registered with Digitise Apps, if not already registered, but groups are not.
Items added to the Access Control list are automatically assigned a permission level – this is the opposite of the default level set for the type of item added. For example, if the default User Access level is Allow, a user added to the Access Control list will be given the access level Denied.
To change the Access setting for an item in the Access Control list, click on its current level in the list and select the new level from the drop-down list displayed.
It is possible for a user to be entered in the list individually and also as a member of a group. For example, the user could be set to 'Denied' but the group to 'Allowed', in these cases any 'Allow' always overrides a 'Deny'.
-
Once you have configured an Access Control List for any of your apps, users will be required to log in on their devices, even if they're not using the app(s) which have permissions set. Depending upon the device, users may be required to log in when the Client loads or only when the Client checks for new or updated apps or attempts to download data from a remote data source.
With Standalone Apps, when you build the app you can choose whether users will have to log in when the app is loaded or the app will automatically log in to the App Server anonymously.
You can check the current Access permissions set for an app under the Properties tab in the Application category within App Manager or using the Access Control utility.