AppControl Docs
  • Introduction
  • Overview
    • Features
    • Product architecture
      • AppControl Repository
      • Policy Checks
    • Initial set up
      • AppControl User
      • Install package
      • Configure system
      • Add apps
      • Add users
      • Give permissions
    • User Roles & Access
    • Getting Started
      • Platform Administrator
      • App Owner
      • App Administrator
      • Developer
  • Dashboards
    • Platform
    • Alerts
    • App
      • Log Rule
    • Policies
      • Compare Revisions
    • Releases
      • Create Release
    • Tasks
      • Task Assignment
      • Task Details
    • Insights
      • Components
      • Reports
      • Users
      • Logs
  • Administration
    • Policies
    • Pipelines
      • Approval
      • Backup
      • Build
      • Call API
      • Check Policy
      • Deploy
      • Deploy Configuration
      • Notification
      • Start / Stop
    • Tasks
    • App Groups
    • Access Groups
    • System
      • Accounts
      • Notifications
      • System Status
      • System Logs & Tools
      • System Configuration
      • Repository
        • Log Solution
      • Product License
      • Management API
      • Mendix Configuration
    • Feedback
  • Checks
    • APIs
      • Published APIs must use authentication
    • App
      • Project security level
      • Project security enabled
      • Demo users enabled
      • Anonymous users enabled
      • Strong password policy
      • Default admin username changed
      • Anonymous user access restricted
      • Default admin user restricted
      • Use strong hash algorithm
      • Check user role security for consistency
      • Restrict users to a single session
      • Perform strict page URL checks
      • Project naming standards
    • Components
      • Components with vulnerabilities
      • Mendix runtime version age
      • Mendix runtime support status
      • Non platform supported components
      • Max component age
      • Average age components
      • Use latest version of Marketplace module
      • Use latest version of Marketplace widget
      • Use latest version of Mendix
      • Limit number of Java libraries
      • Limit number of widgets
      • Use minimum Mendix runtime version
    • Constants
      • Do not expose constants to client
    • Development
      • Last commit to production
      • Last commit to project
      • Project documentation standards
      • Project organization standards
      • Project logging standards
    • Domain Model
      • Default member access rights restricted
      • Use read only attributes in XPath constraints
      • Anonymous users can only change own data
      • Anonymous users cannot change unlimited length strings
      • Domain model standards
      • Anonymous user access restricted
      • Naming standards - Domain Model
      • Documentation standards - Domain Model
    • Enumerations
      • Naming Standards - Enumerations
    • Microflows
      • Incorrect date format
      • Incorrect empty string check
      • Empty variable used
      • Apply entity access when generating documents
      • Use inherited entities from System module
      • Web service calls with templates should be escaped
      • Naming Standards - Microflows
      • Logging Standards - Microflows
      • Documentation Standards - Microflows
    • Pages
      • Attributes in data views should be editable
      • Naming Standards - Page Flows
      • Documentation Standards - Pages
  • Support
    • Docs
    • Feedback
    • Tickets
    • Releases
    • System Status
    • User Details
Powered by GitBook
On this page
  • User Roles
  • App Roles
  1. Overview

User Roles & Access

Access to functionality and data in AppControl is divided into 2 parts:

  • User Roles. User roles grant access to AppControl functionality and the ability to manage system data, but do not (except for the Platform Administrator role) give access to specific apps.

  • App Roles. Assigning users to apps gives them access to view and manage those apps, based on the user roles that have been assigned to them.

This means that to use AppControl a user needs both a specific user role, and also needs to be assigned to 1 or more apps (otherwise the user will have rights to perform actions and view data, but there will not be any apps visible to view or manage!).

User Roles

There are 5 different user roles in AppControl:

Role
Can manage
Can view

Platform Administrator

Manage system settings, Manage groups, App Access, All Policies, All Pipelines, All Tasks

All apps, policies, releases, tasks, repository information.

Group Administrator

Manage group members, App Access for apps in group, Group Policies, Group Pipelines, App Pipelines (in group), Group Tasks, App Tasks (in group)

In groups where assigned as Group Admin: all apps, policies, releases, tasks, repository information.

App Administrator

App Policies, App Pipelines, App Tasks

All apps in groups where assigned as Group Member, All apps where assigned as App Member.

App Viewer

View only.

All apps in groups where assigned as Group Member, All apps where assigned as App Member.

No Access

None

None

App Roles

There are 4 different app roles in AppControl:

Role
Can manage
Can view

App Owner

App Info, Approve Releases

Policy, release, task, environment and repository information.

App Administrator

App Policies, App Pipelines, App Tasks, Create Releases, Approve Releases

Policy, release, revision, environment, configuration, task and repository information.

App Member

None.

Policy, release, environment, task and repository information.

App Operator

Create Releases

Release information

Users can be assigned app roles through the following means:

PreviousGive permissionsNextGetting Started

Last updated 1 month ago

App Group Membership. If a user is a member of a group they automatically gain the App Member role for all apps that are a member of that group. Group membership is managed by Group Administrators via the Administration > App Groups page. For more information on assigning users to groups see the page of this documentation.

Access Group Membership. If a user is a member of an access group, they can view all apps that are a member of that group. In addition they may have additional rights depending on whether they have been assigned the App Owner or App Administrator role. Access group membership is managed by Platform Administrators via the Administration > Access Groups page. For more information on assigning users to groups see the page of this documentation.

Specific App Access. If a user is assigned as an App Owner, App Administrator App Member for a specific app, they will be able to see that app. For more information on assigning a user to a specific app see the page of this documentation.

App Groups
Access Groups
Apps