The Features section
This topic describes what Application Profiles are and how to manage them in the Features section of the System Administration area.
In the Features section, you can manage Application Profiles which allow or deny user access to various Board features, such as editing Layouts, editing Procedures, performing selections, and much more. You can apply these Application Profiles by associating them with a user Role in the Roles section of the System Administration area, then you will have to associate a Role with each user in the Subscription Hub.
Application Profiles and Roles together represent the second security layer of Board's Four Security Layers model.
To access the Features section, access the System Administration space of the desired Platform and click on the Features tile. You will be taken to the Roles page.
In the Features page you can see all existing Application Profiles and their main information: the table is sortable and searchable using the interactive header fields. You can also show or hide columns to your liking, by clicking the Column chooser button in the upper right corner of the table.
The table contains the name and authorizations of each Application Profile. See step number 2 of the following paragraph for a detailed explanation of each authorization.
Creating and Managing Application Profiles
To create an Application Profile, proceed as follows:
- Click on “+APPLICATION PROFILE” in the upper left corner to bring up the Application Profile configuration panel
- Enable the desired authorizations under the "PROCEDURES AND WORKSPACE" menu. The options are the following:
- Allow execution of security critical procedures. Enable this option if you want to allow a user associated with this Application Profile to run batch commands through the "Server command" Procedure step in the Execution flow action group. If this option is disabled, the user can still trigger the execution of a Procedure containing "Server command" steps, but the Procedure will stop running as soon as a "Server command" step is encountered. In addition, if this option is disabled, the user cannot create/save Procedures containing one or more "Server command" Procedure steps
- Deny Layout designer. Enable this option if you want to deny a user associated with this Application Profile access to the Layout editor in Capsule Screens and Presentation Slides; the user will not be able to access the Layout editor, however, the user can still modify the Layout associated with a Screen Object in Play mode if the Quick Layout feature is enabled and configured for that Object. In addition, the user can still access the Layout editor outside Capsule Screens and Presentation Slides (i.e. in various Procedure steps, B.E.A.M. Forecasting, B.E.A.M. Clustering etc.)
If you enable this option, the Layout icon will not be visible in the contextual menu (sliding toolbar) of Screen Objects and in the Top Menu (Toolbar) for the affected users.
- Deny selection editor. Enable this option to deny a user associated with this Application Profile access to the Select feature in Capsule Screens and Presentation Slides; the user will not be able to access the Select window, however, the user can still apply selections through Selector and Pager Objects
- Deny export and print. Enable this option to deny a user associated with this Application Profile access to the Export printable report feature, this means that the user will not be able to export data represented on Capsule Screens and Presentation Slides
If you enable this option, the buttons "Export data to xlsx" and "Export printable report" will not be visible in the contextual menu (sliding toolbar) of Screen Objects and in the Top Menu for the affected users.
- Deny Procedure editing. Enable this option to deny a user associated with this Application Profile access to the Procedures section of Data models and Capsules; the user will not be able to create, edit or delete Procedures. However, the user will still be able to trigger existing Procedures, for example through Button and Label Objects in a Capsule Screen
If you enable this option, the Procedures tile will not be visible in the Data model design section and in the left panel of a Screen in Design mode for the affected users.
- Allow Corporate Identity Designer. Enable this option to allow a user associated with this Application Profile access to the Corporate Identity Designer section. This option is deprecated but is still listed for back-compatibility reasons
- Allow Data Fast Track. Enable this option to allow a user associated with this Application Profile access to the Fast Track feature
- Deny Subscribe and SendTo. Enable this option to deny a user associated with this Application Profile access to the Subscribe feature in the Top Menu and Send To feature in the Presentations section.
If you enable this option, the buttons "New subscription" and "View all subscriptions" will not be visible in the Top Menu for Capsule Screens, and the Send To section will not be visible in the Presentations workspace for the affected users.
- Enable the desired API endpoints for Board's public APIs under the "PUBLIC API ACCESS" menu.
Permissions set in the Platform authorization table in the configuration panel of a Client API user in the Subscription Hub take precedence over the options in this section. For example, API calls that use a Client API user with all permissions enabled will still have full access to the public API endpoints even if all the "PUBLIC API ACCESS" options in the Features section are disabled.
Managing and associating Application Profiles
To edit an Application Profile, select it and modify the desired options explained in the steps above.
To delete one or more Roles, select the desired ones and then click on the "DELETE" button.
To associate an Application Profile with a user Role, go to the Roles section, create or edit a Role and choose an Application Profile under the "APPLICATION PROFILE" menu.