Sunday, September 22, 2013

Owner/group-based permissions AKA "See your own data"

In most deployments of Orbeon Forms, there are two classes of users:
  1. Some users fill out forms; as done by constituents in the case of a government deployment.
  2. Some users can access all the submitted forms; as done by specific government employees in the case of a government deployment.
This workflow is very much in line with how traditional forms are handled by companies and governments alike. However, there are other cases, where forms are treated more like documents: whoever creates the form is considered the owner, and owners should be able to see and possibly edit their own forms.

Version 4.3 of Orbeon Forms, released in August, introduced a new feature: owner/group-based permissions, which allows you to do just that. Specifically, through Form Builder, form authors can specify through the Permissions dialog (pictured below), which one of the read, update, and delete operations owners are allowed to perform on their own forms. In addition to this, as before, users with a specific role can be granted the right to access the forms of all users. (In the example below, a clerk can read all the forms, and an admin can also update and delete forms.)


We called this feature owner/group-based permissions, as access can be extended from just the owner to all the group members, i.e. all the other users who are in the same group as the owner. For instance, one of our customers, a large insurance company, has a number of resellers creating quotes for their customers. Each reseller has several agents, setup as users in the system. The agents want to be able to automatically share quotes they create amongst other agents part of the same reseller (but not with other resellers!). They got the expected result by setting up the groups to correspond to the resellers, and giving group members the read, update, and possibly delete permissions.

In Orbeon Forms 4.3, this feature was introduced for just MySQL and DB2, and wasn't enabled by default (it required properties to be set). In the upcoming Orbeon Forms 4.4, this feature will be available and enabled by default for all relational databases supported by Orbeon Forms.