Access and visibility of a specific app

Hello everyone,

I’m trying to restrict access of a group of users to see/access only certain apps (low code app).

I created a Client1 role and allowed it to “Read namespace” and “List and search modules, pages…” of the specific app and I denied Authenticated, but it seemed to block everyone including Client1.

I tried to edit Authenticated in different permission tabs to prevent other users from seeing/accessing the specific app, but same result.

I managed to hide an app from a specific role Client1 by changing “Read namespace” in “compose/namespaces” to “deny”. It blocked this Client1. How can we do the opposite (block everyone except the role)?

Does anyone have a solution to this? I tried to read the documentation but I didn’t find what I should allow and deny to achieve this.

Thank you!

Cheers,

Hi there,

My first thought here would be to look at the admin area permissions settings.

Here we can control which permissions each role is given. This is important to modify, as it controls which permissions are inherited on certain aspects of Corteza. Inherit is the default setting on most elements of Corteza, so this is likely what is causing your issue.

The page below is likely where you need to change the permissions and this should allow only the Client1 role to read the namespace.

That was exactly what I did. But I didn’t come to any usable result:

When I changed the default setting for authenticated to deny, it blocked everyone including Client1.

And for the second half:

I did it here:

But same result. I know that Corteza has a flat structure that removes role hierarchy. What if there is a conflict between two roles? Like for example between Authenticated and Client1 (allow and deny).

What am I getting wrong? :sweat_smile:

Here is how I resolved the problem.
Two simple configurations:

  • in Admin/Applications/ permission → authenticated : deny
  • in our specific app → role user level 1 : allow

Here is the explanation:

  • Role Importance: common roles > authenticated roles.
  • Resource Specificity: deny to the general resource + allow to the specific resource = allow only the specified resource.

A deep reading of this article is mandatory: The Security Model :: Corteza Docs
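
The two rules from the explanation above, written out as a small evaluator. This is an added example, not part of the thread and not Corteza's own code: it is a simplified model that assumes only the two role kinds named in the post, hypothetical resource strings (`namespace/*` for the general resource, `namespace/42` for one app), deny winning a tie at equal specificity, and deny when no rule is set anywhere.

```python
from dataclasses import dataclass

# Role kinds in decreasing importance, as stated in the post.
KIND_ORDER = ["common", "authenticated"]

@dataclass(frozen=True)
class Rule:
    role: str
    resource: str   # hypothetical format: "namespace/*" or "namespace/<id>"
    operation: str
    access: str     # "allow" or "deny"; having no rule means "inherit"

def specificity(rule_resource):
    """A wildcard rule is general (0); a rule naming one resource is specific (1)."""
    return 0 if rule_resource.endswith("/*") else 1

def matches(rule_resource, resource):
    return rule_resource == resource or (
        rule_resource.endswith("/*") and resource.startswith(rule_resource[:-1]))

def check(rules, roles, resource, operation):
    """roles maps each role the user holds to its kind. Returns 'allow' or 'deny'."""
    for kind in KIND_ORDER:
        hits = [r for r in rules
                if roles.get(r.role) == kind
                and r.operation == operation
                and matches(r.resource, resource)]
        if hits:
            # Most specific rule first; at equal specificity deny sorts first (assumption).
            hits.sort(key=lambda r: (-specificity(r.resource), r.access != "deny"))
            return hits[0].access
    return "deny"  # assumption: nothing set on any role means no access

# Constructed sample data mirroring the configuration in the post.
RULES = [
    Rule("authenticated", "namespace/*", "read", "deny"),   # general deny
    Rule("Client1", "namespace/42", "read", "allow"),       # specific allow
]
CLIENT_USER = {"Client1": "common", "authenticated": "authenticated"}
OTHER_USER = {"authenticated": "authenticated"}

if __name__ == "__main__":
    for name, user in (("client", CLIENT_USER), ("other", OTHER_USER)):
        for res in ("namespace/42", "namespace/7"):
            print(name, res, check(RULES, user, res, "read"))
```

When auditing a setup like this, run the check for a user outside the role as well as one inside it, so that both the general deny and the specific allow are confirmed.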