Tutorial 202:

Extend

Tutorial 202: Lesson 8

Extend your security model

Lesson Materials
Download Files

Customizing your users’ access

Now that you've made a number of user-facing enhancements, it's time to work behind the scenes on additional security settings. Set up custom user access based on your different user roles — such as Therapist and Bookkeeper — so your app can behave differently for each kind of user. 

In this lesson, you’ll begin by identifying the roles each person plays within your app and thinking through any access restrictions they should have. Based on that plan, you’ll set up targeted access using a new custom privilege set that determines what each user can see, create or edit when they log into your app. Finally, you’ll refine the app’s interface so a user doesn’t see elements she can’t use.

Why is this important?

  • You’ve already password-protected your app against unauthorized users, but even authorized users may need different levels of data access. For example, a Finance user will thank you for keeping sensitive data for their eyes only.
  • This isn’t just about keeping data private; you can also help users to avoid messing up data accidentally. If a user should be able to read data but not edit it, include this restriction in your security model to make it easy for users to succeed.

Video

Creating a Privilege Set from Scratch

Modify a privilege set for therapists in the activity below.

In this video, you will:

  • Plan your security changes: identify roles and access needs (0:49)
  • Create a new privilege set: customize access for a role (2:48)
  • Assign privilege set: give an account custom access (7:17)
  • Test changes: test the app with the new privilege set (7:36)
  • Hide restricted elements: hide a button if a user isn’t authorized for it (8:20)

Related Resource